CVE-2023-6552

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jan 8, 2024

Updated: Jan 11, 2024

CWE ID 601

Summary

CVE-2023-6552 refers to a vulnerability in which the validation of the "current" GET parameter is missing during the language change action. This issue results in an open redirect vulnerability, allowing an attacker to redirect users to malicious websites, potentially leading to data theft or phishing attacks. Users are strongly advised to update their systems to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ttXHxd
https://www.cve.org/CVERecord?id=CVE-2023-6552
https://nvd.nist.gov/vuln/detail/CVE-2023-6552

Back to Vulnerability Database

CVE-2023-6552

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations