CVE-2023-49029

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 27, 2023

Updated: Dec 1, 2023

CWE ID 79

Summary

CVE-2023-49029 is a Cross-Site Scripting (XSS) vulnerability affecting smpn1smg absis versions prior to v2017-10-19. This issue allows remote attackers to inject and execute malicious scripts in the lock/lock.php file through the nama parameter. Successful exploitation could lead to unauthorized access to user data or session hijacking, potentially resulting in significant security risks. Users are strongly urged to update their smpn1smg absis installations to the latest available version to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tfGjQ2
https://www.cve.org/CVERecord?id=CVE-2023-49029
https://nvd.nist.gov/vuln/detail/CVE-2023-49029

Back to Vulnerability Database

CVE-2023-49029

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations