CVE-2023-45958

Summary

CVE-2023-45958 is a reflected cross-site scripting (XSS) vulnerability affecting Thirty Bees Core v1.4.0. This issue is located in the AdminController.php file, specifically the backup_pagination parameter. An attacker can exploit this flaw by delivering a maliciously crafted payload, which is then executed in the web browser of an unsuspecting user, allowing the attacker to inject arbitrary JavaScript code. This vulnerability poses a significant risk, as it can lead to data theft, session hijacking, or even complete system takeover. It is recommended that users upgrade to the latest version of Thirty Bees Core to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.