CVE-2023-5837

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Oct 28, 2023

Updated: May 17, 2024

CWE ID 79

Summary

CVE-2023-5837 is a newly disclosed cross-site scripting (XSS) vulnerability affecting the Cookie Handler component of AlexanderLivanov FotosCMS2 up to version 2.4.3. The flaw is located in the file profile.php and can be triggered by manipulating the argument "username." This vulnerability enables an attacker to inject malicious scripts, potentially stealing user data or gaining unauthorized access. Since the exploit has been made public, it's essential for users to upgrade their FotosCMS2 installation as soon as possible to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tLMor-
https://www.cve.org/CVERecord?id=CVE-2023-5837
https://nvd.nist.gov/vuln/detail/CVE-2023-5837

Back to Vulnerability Database

CVE-2023-5837

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations