CVE-2023-5697

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Oct 23, 2023

Updated: May 17, 2024

CWE ID 79

Summary

CVE-2023-5697 is a newly disclosed vulnerability affecting the CodeAstro Internet Banking System 1.0. The issue lies within the pages_withdraw_money.php file, where the argument 'account_number' is susceptible to cross-site scripting (XSS) attacks. An input of the form '287359614--><ScRiPt%20>alert(1234)</ScRiPt><!--' can manipulate the code and inject malicious scripts. This vulnerability is remote and publicly disclosed, posing a significant risk. The associated identifier for this vulnerability is VDB-243135.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tGIY8y
https://www.cve.org/CVERecord?id=CVE-2023-5697
https://nvd.nist.gov/vuln/detail/CVE-2023-5697

Back to Vulnerability Database

CVE-2023-5697

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations