CVSS 3.1 Score 6.1 of 10 (medium)


Published Nov 20, 2023
Updated: Nov 30, 2023


CVE-2023-38883 is a reflected cross-site scripting (XSS) vulnerability that affects the Community Edition version 9.0 of OS4ED's openSIS Classic. This vulnerability allows remote attackers to execute arbitrary JavaScript in a user's web browser by injecting a malicious payload into the 'ajax' parameter in 'ParentLookup.php'. The vulnerability has a base severity rating of MEDIUM and requires user interaction to exploit. It poses a potential danger to organizations as it could lead to unauthorized access or manipulation of sensitive data. To remediate this vulnerability, users should update to a patched version provided by OS4ED.
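For defenders reviewing web server logs, the following is an added example (not code from this advisory or from OS4ED) that flags requests to 'ParentLookup.php' whose 'ajax' parameter contains markup after URL decoding. It assumes combined-format access logs and that legitimate 'ajax' values never contain markup or quote characters; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in combined log format; not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [21/Nov/2023:10:02:11 +0000] "GET /ParentLookup.php?ajax=true HTTP/1.1" 200 512',
    '203.0.113.9 - - [21/Nov/2023:10:05:42 +0000] "GET /ParentLookup.php?ajax=%3Ci%3Emarker%3C%2Fi%3E HTTP/1.1" 200 640',
    '203.0.113.9 - - [21/Nov/2023:10:06:03 +0000] "GET /opensis/ParentLookup.php?ajax=%253Cb%253Emarker%253C%252Fb%253E HTTP/1.1" 200 633',
    '198.51.100.7 - - [21/Nov/2023:10:07:30 +0000] "GET /Modules.php?ajax=%3Cb%3E HTTP/1.1" 200 200',
]

# Client address and request target from one access-log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate 'ajax' values never contain markup or quote characters.
MARKUP = re.compile(r'[<>"\'`]|javascript:', re.IGNORECASE)


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(lines):
    """Return (client, decoded_value) for each flagged 'ajax' value."""
    hits = []
    for line in lines:
        match = REQUEST.match(line)
        if not match:
            continue  # not a parseable request line
        client, target = match.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith('/parentlookup.php'):
            continue  # only the endpoint named in the advisory
        # parse_qs decodes once; fully_decode handles extra encoding layers.
        for raw in parse_qs(url.query, keep_blank_values=True).get('ajax', []):
            value = fully_decode(raw)
            if MARKUP.search(value):
                hits.append((client, value))
    return hits


if __name__ == '__main__':
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f'{client} sent markup in ajax parameter: {value!r}')
```

Only the query string is inspected, so parameters sent in a POST body need request-body logging or a WAF rule instead.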

