CVE-2023-52203

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Jan 8, 2024

Updated: Jan 11, 2024

CWE ID 79

Summary

CVE-2023-52203 is a Cross-site Scripting (XSS) vulnerability affecting the cformsII plugin from versions n/a through 15.0.5. The flaw, named Improper Neutralization of Input During Web Page Generation, allows attackers to inject malicious scripts into web pages viewed by other users, potentially resulting in data theft or unauthorized actions. The vulnerability can lead to Stored XSS attacks, making it a significant security risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Cformsii Project Cformsii

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/t9jTXW
https://www.cve.org/CVERecord?id=CVE-2023-52203
https://nvd.nist.gov/vuln/detail/CVE-2023-52203

Back to Vulnerability Database

CVE-2023-52203

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations