CVE-2023-41655
CVSS 3.1 Score 4.8 of 10 (medium)
Details
Summary
CVE-2023-41655 is a stored Cross-Site Scripting (XSS) vulnerability affecting version 2.5.9 of the Andreas Heigl authLdap plugin. An attacker can exploit this admin privilege escalation flaw to inject malicious scripts into a website's pages, potentially gaining unauthorized access to user data or taking control of user sessions. Successful exploitation requires no user interaction, making it a serious threat to organizations using the affected plugin for authentication. To mitigate this risk, users are advised to update the plugin to a secure version as soon as possible.