CVE-2023-5118

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jan 11, 2024
Updated: Jan 18, 2024
CWE ID 79

Summary

CVE-2023-5118 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the endpoint /sofer/DocumentService.asc/SaveAnnotation in an application. The vulnerability arises from insufficient sanitization and validation of user input, specifically the author and text parameters sent via the POST method, which allows malicious JavaScript code to be injected. The issue was discovered in the function responsible for adding new annotations during document content editing. The vulnerability has been addressed in software versions above 11.1.x; the security status of earlier versions is uncertain.
