CVE-2023-39543

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 21, 2023
Updated: Aug 25, 2023
CWE ID 79

Summary

CVE-2023-39543 is a cross-site scripting (XSS) vulnerability affecting LuxCal Web Calendar versions prior to 5.2.3M for MySQL and 5.2.3L for SQLite. An attacker can exploit this issue to inject and execute malicious scripts in the web browsers of unsuspecting users, without requiring authentication. This poses a serious risk to data confidentiality and integrity for those using the affected software. It is highly recommended that users upgrade to the latest versions of LuxCal Web Calendar to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share