CVE-2023-39314

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 10, 2023
Updated: Aug 15, 2023
CWE ID 79

Summary

CVE-2023-39314 is a newly disclosed Cross-Site Scripting (XSS) vulnerability affecting version 3.30.2 and below of the Leyka plugin in Teplitsa social technologies. An attacker can exploit this unauthenticated reflection XSS flaw to inject malicious code into a victim's web browser, potentially stealing sensitive data or executing harmful commands. Successful exploitation does not require user interaction or prior authentication, making it a significant security risk. It is essential to update the Leyka plugin to a patched version to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share