CVE-2023-6466

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Dec 2, 2023

Updated: May 17, 2024

CWE ID 79

Summary

CVE-2023-6466 is a recently disclosed cross-site scripting vulnerability affecting Thecosy IceCMS 2.0.1. The issue lies within the User Comment Handler component, specifically the /planet file. An attacker can exploit this flaw remotely by manipulating input data, leading to the injection of malicious scripts into a victim's web browser. As this vulnerability has been made public, it is essential that users apply the necessary patches or upgrades to prevent potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tpMv7Z
https://www.cve.org/CVERecord?id=CVE-2023-6466
https://nvd.nist.gov/vuln/detail/CVE-2023-6466

Back to Vulnerability Database

CVE-2023-6466

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations