CVE-2023-41343

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Nov 3, 2023
Updated: Nov 9, 2023
CWE ID 79

Summary

CVE-2023-41343 is a vulnerability affecting Rogic No-Code Database Builder's file uploading function. This issue allows a remote attacker, who possesses regular user privileges, to inject malicious JavaScript code via special characters during file uploads. As a result, Stored Cross-Site Scripting (XSS) attacks can be executed on unsuspecting users, potentially leading to unauthorized access, data theft, or other malicious activities. Rogic is advised to apply the necessary patches or updates to mitigate this risk. Users are also encouraged to exercise caution when handling file uploads from untrusted sources.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share