CVE-2023-49846
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Published Dec 14, 2023
Updated: Dec 18, 2023
CWE ID 79
Summary
CVE-2023-49846 is a Cross-Site Scripting (XSS) vulnerability affecting the Author Avatars List/Block in versions 2.1.1 through 2.1.17. An attacker can exploit this weakness by injecting malicious scripts into the input field during web page generation. The result is stored XSS, allowing the attacker to execute scripts in users' browsers, potentially stealing sensitive information or taking control of their accounts.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share