CVE-2023-5910

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 2, 2023

Updated: May 17, 2024

CWE ID 79

Summary

CVE-2023-5910 is a newly disclosed vulnerability in PopojiCMS 2.0.1, which affects the Web Config component's install.php file. This issue allows an attacker to execute cross-site scripting (XSS) attacks by manipulating the argument Site Title with malicious input, such as <script>alert(1)</script>. The attack can be initiated remotely, and while the complexity is relatively high, successful exploitation is known to be difficult. The vulnerability has been publicly disclosed, increasing the risk of attacks. The vendor was notified but did not respond, and the identifier VDB-244229 was assigned to this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tPA1O_
https://www.cve.org/CVERecord?id=CVE-2023-5910
https://nvd.nist.gov/vuln/detail/CVE-2023-5910

Back to Vulnerability Database

CVE-2023-5910

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations