CVE-2023-46070
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2023-46070 is a newly disclosed Cross-Site Scripting (XSS) vulnerability affecting version 2.1.3 of the Emmanuel GEORJON EG-Attachments plugin. This issue is considered unauthenticated, meaning an attacker does not need to have valid login credentials to exploit it. By injecting malicious scripts into a targeted website, an attacker can manipulate a user's web browser and potentially gain access to sensitive information or install malware. This vulnerability poses a significant risk to websites using the affected plugin and should be addressed promptly through an update to a patched version.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.