CVE-2023-38400

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 30, 2023
Updated: Dec 5, 2023
CWE ID 79

Summary

CVE-2023-38400 is a Cross-site Scripting (XSS) vulnerability affecting the Kriesi Enfold - Responsive Multi-Purpose Theme. This issue, located in the theme's web page generation process, enables Reflected XSS attacks. Attackers can inject malicious scripts into web pages viewed by other users, potentially stealing sensitive information or taking control of their sessions. The vulnerability impacts Enfold versions from n/a through 5.6.4, necessitating immediate updates to mitigate the risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share