CVE-2023-49150

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Dec 14, 2023

Updated: Dec 19, 2023

CWE ID 79

Summary

CVE-2023-49150 is a Cross-site Scripting (XSS) vulnerability affecting the CurrencyRate.Today Crypto Converter Widget. The issue lies in the improper neutralization of user inputs during web page generation. An attacker can exploit this vulnerability to inject malicious scripts into the widget, potentially stealing user data or taking control of their browser sessions. This issue affects all versions of the Crypto Converter Widget from n/a through 1.8.1. Users are strongly advised to update to the latest patch to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/thn_55
https://www.cve.org/CVERecord?id=CVE-2023-49150
https://nvd.nist.gov/vuln/detail/CVE-2023-49150

Back to Vulnerability Database

CVE-2023-49150

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations