CVE-2023-4534

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Aug 25, 2023
Updated: May 17, 2024
CWE ID 200

Summary

CVE-2023-4534 represents a cross-site scripting (XSS) vulnerability in NeoMind Fusion Platform versions up to and including 20230731. This issue affects an unidentified function within the /fusion/portal/action/Link file. By manipulating the link argument, an attacker can inject malicious code, potentially launching a remote attack. The exploit for this vulnerability has been made public, increasing the risk of exploitation. VDB-238026 is the assigned identification number for this flaw. Notably, the vendor was informed of this disclosure but did not respond.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Apache Airflow

Affected Vendors

  • Apache Software Foundation