CVE-2023-49484

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Dec 8, 2023

Updated: Dec 11, 2023

CWE ID 79

Summary

CVE-2023-49484 is a newly disclosed cross-site scripting (XSS) vulnerability impacting version 4.1.3 of Dreamer CMS in its article management department. Maliciously crafted input can be injected into web pages viewed by other users, potentially leading to data theft or unauthorized system access. Attackers can exploit this flaw by embedding malicious scripts into seemingly harmless content, resulting in unintended execution in users' browsers. It is recommended that users update to the latest, secure version of Dreamer CMS to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tlEuFP
https://www.cve.org/CVERecord?id=CVE-2023-49484
https://nvd.nist.gov/vuln/detail/CVE-2023-49484

Back to Vulnerability Database

CVE-2023-49484

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations