CVE-2023-4090

Cross-Site Scripting (XSS) vulnerability on WideStand CMS of Acilia

CVSS 5.4 MEDIUMEPSS 0.3%CWE-79

Cross-site Scripting (XSS) reflected vulnerability on WideStand until 5.3.5 version, which generates one of the meta tags directly using the content of the queried URL, which would allow an attacker to inject HTML/Javascript code into the response.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Produtos afetados

Acilia · Widestand CMS

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-vulnerability-widestand-cms-acilia