CVE-2023-5378

Stored XSS in SmodBIP and MegaBIP

CVSS 8.8 HIGHEPSS 0.5%CWE-79

Improper Input Validation vulnerability in MegaBIP and already unsupported SmodBIP software allows for Stored XSS.This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2. MegaBIP 5.08 was tested and is not vulnerable. A precise range of vulnerable versions remains unknown.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Produtos afetados

Jan Syski · MegaBIP Jan Syski · SmodBIP

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://cert.pl/en/posts/2023/12/CVE-2023-5378 https://cert.pl/posts/2023/12/CVE-2023-5378 https://megabip.pl/https://smod.pl/