CVE-2023-39707

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Aug 25, 2023
Updated: Aug 29, 2023
CWE ID 79

Summary

CVE-2023-39707 is a stored cross-site scripting (XSS) vulnerability affecting Free and Open Source Inventory Management System version 1.0. This issue allows attackers to inject malicious web scripts or HTML codes into the Add Expense parameter under the Expense section. Successful exploitation results in the execution of these scripts on the victim's browser, potentially leading to data theft, unauthorized account access, or other malicious activities. Attackers can leverage this vulnerability by manipulating the input data, which is later stored and served to unsuspecting users. Users are strongly advised to upgrade their software to the latest version or apply available patches to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share