CVE-2023-46066

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Oct 16, 2023

Updated: Oct 19, 2023

CWE ID 79

Summary

CVE-2023-46066 is a stored Cross-Site Scripting (XSS) vulnerability affecting versions 1.6 and below of the Codedrafty Mediabay – Media Library Folders plugin for Auth. (editor+). An attacker can exploit this flaw by injecting malicious scripts into a targeted user's input, allowing them to execute arbitrary code within the application when the user views the affected page. This can lead to session hijacking, data theft, or other unauthorized actions. Users are advised to update to the latest version of the plugin to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tB4QSe
https://www.cve.org/CVERecord?id=CVE-2023-46066
https://nvd.nist.gov/vuln/detail/CVE-2023-46066

Back to Vulnerability Database

CVE-2023-46066

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations