CVE-2023-34452
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2023-34452 affects versions 1.7.42 and earlier of the Grav content management system. The vulnerability lies in the "/forgot_password" page, which has a self-reflected cross-site scripting (XSS) issue. Attackers can inject malicious scripts into the "email" parameter, potentially gaining the ability to execute arbitrary code on a user's browser. However, the impact is limited due to the need for user interaction to trigger the vulnerability. At present, a patch has not been released. To mitigate the risk, it is recommended to implement server-side validation.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Getgrav Grav
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions