CVE-2023-38827

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jan 9, 2024
Updated: Jan 16, 2024
CWE ID 79

Summary

CVE-2023-38827 is a Cross-Site Scripting (XSS) vulnerability affecting Follett School Solutions Destiny version 20 and later (au4 and above). An attacker can exploit this flaw in the presentonesearchresultsform.do file to inject and execute malicious scripts in a user's web browser. Successful exploitation allows the attacker to steal sensitive information, perform unauthorized actions, and potentially gain control of the affected user's account. This vulnerability poses a significant risk, as it can be used to launch attacks on both students and staff within an educational institution. It is essential that organizations using Follett School Solutions Destiny apply the necessary patches as soon as possible to mitigate this risk.
