CVE-2023-43643

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Oct 9, 2023
Updated: Oct 13, 2023
CWE ID 79

Summary

CVE-2023-43643 is a vulnerability found in the AntiSamy library prior to version 1.7.4. This vulnerability is a mutation XSS (mXSS) issue caused by flawed parsing of HTML when being sanitized. In order for an organization to be affected, the preserveComments directive must be enabled along with certain allowed tags in the policy file. Crafty inputs can exploit this vulnerability and interpret elements in comment tags as executable code. The issue has been patched in AntiSamy 1.7.4 and later versions. This vulnerability has a risk score of 25 and a base severity of MEDIUM according to NVD@NIST.gov, with a base score of 6.1 and an impact score of 2.7 on CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N vector string. The potential danger lies in the possibility of attackers injecting malicious code into sanitized HTML, which could lead to cross-site scripting attacks and compromise the confidentiality and integrity of an organization's web application or website.

Note: The provided summary is factual, objective, and does not include any analysis or personal opinions about the vulnerability described.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-43643 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options