CVE-2023-28350

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published May 31, 2023

Updated: Jan 13, 2025

CWE ID 79

Summary

CVE-2023-28350 is a vulnerability affecting Faronics Insight 10.0.19045 on Windows. The issue lies in the lack of input validation and sanitization in both the Teacher and Student Console applications. An attacker can exploit this Cross Site Scripting (XSS) vulnerability to inject and execute JavaScript code. Given the rich functionality of the Teacher Console, an attacker can silently exploit this vulnerability on the teacher's machine, which in turn grants them remote code execution on any connected student machine.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/rbUa7t
https://www.cve.org/CVERecord?id=CVE-2023-28350
https://nvd.nist.gov/vuln/detail/CVE-2023-28350

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Know What Matters

For Customers

For Partners

CVE-2023-28350

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations