CVE-2023-50924

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Dec 22, 2023

Updated: Jan 5, 2024

CWE ID 79

Summary

CVE-2023-50924 is a vulnerability affecting Engelsystem, a shift planning system for chaos events. Prior to version 3.4.1, Engelsystem failed to adequately validate user-supplied data for DECT numbers, mobile numbers, and work-log comment fields. An authenticated user could exploit this weakness by injecting malicious Javascript code into these fields. The injected code would be executed in another user's context when they viewed corresponding log overviews, leading to potential unauthorized actions. This issue has been addressed in version 3.4.1.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Engelsystem

Affected Vendors

Engelsystem

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/t0YoSf
https://www.cve.org/CVERecord?id=CVE-2023-50924
https://nvd.nist.gov/vuln/detail/CVE-2023-50924

Back to Vulnerability Database