CVE-2023-5118

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jan 11, 2024
Updated: Jan 18, 2024
CWE ID 79

Summary

CVE-2023-5118 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the endpoint /sofer/DocumentService.asc/SaveAnnotation in an application. The vulnerability arises due to insufficient sanitization and validation of user input, specifically the author and text parameters transmitted via the POST method. Malicious JavaScript code can be injected, posing a security risk. This issue was discovered in the function responsible for adding new annotations during document content editing. While the vulnerability has been addressed in software versions above 11.1.x, the security status of earlier versions is uncertain.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2023-5118 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions

Book your demo

Sign in

Back to Vulnerability Database