CVE-2023-48771

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Dec 14, 2023

Updated: Dec 19, 2023

CWE ID 79

Summary

CVE-2023-48771 is a Cross-site Scripting (XSS) vulnerability affecting the Bruno "Aesqe" Babic File Gallery. This issue, which allows Reflected XSS, exists in the software from version 1.8.5.4. The vulnerability stems from improper neutralization of user inputs during web page generation, making it possible for attackers to inject malicious scripts into web pages viewed by other users, potentially leading to unauthorized actions or data theft. Users of the File Gallery are advised to upgrade to a patched version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/td-qgO
https://www.cve.org/CVERecord?id=CVE-2023-48771
https://nvd.nist.gov/vuln/detail/CVE-2023-48771

Back to Vulnerability Database

CVE-2023-48771

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations