CVE-2023-44272

CVE-2023-44272

EPSS 0.4%

A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user.

Affected products

Citadel · Citadel

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://code.citadel.org/citadel/citadel https://code.citadel.org/citadel/citadel/-/commit/f0dac5ff074ad686fa71ea663c8ead107bd3041e https://jvn.jp/en/jp/JVN08237727/https://www.citadel.org/download.html