CVE-2023-50712

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Dec 22, 2023
Updated: Jan 3, 2024
CWE ID 87
CWE ID 79

Summary

CVE-2023-50712 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Iris web collaborative platform, versions prior to v2.3.7. This issue allows authenticated attackers to inject malicious scripts into the application, which could be executed when users visit affected locations. Consequences include unauthorized access, data theft, and other malicious activities. The vulnerability has been fixed in version v2.3.7, and no known workarounds are available. Iris, used by incident responders for sharing technical details during investigations, is at risk of XSS attacks, potentially leading to serious security breaches.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share