CVE-2023-5378

Stored XSS in SmodBIP and MegaBIP

CVSS 8.8 HIGHEPSS 0.5%CWE-79

Improper Input Validation vulnerability in MegaBIP and already unsupported SmodBIP software allows for Stored XSS.This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2. MegaBIP 5.08 was tested and is not vulnerable. A precise range of vulnerable versions remains unknown.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Productos afectados

Jan Syski · MegaBIP Jan Syski · SmodBIP

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://cert.pl/en/posts/2023/12/CVE-2023-5378 https://cert.pl/posts/2023/12/CVE-2023-5378 https://megabip.pl/https://smod.pl/