CVE-2023-46070

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Oct 25, 2023
Updated: Nov 2, 2023
CWE ID 79

Summary

CVE-2023-46070 is a newly disclosed Cross-Site Scripting (XSS) vulnerability affecting version 2.1.3 of the Emmanuel GEORJON EG-Attachments plugin. This issue is considered unauthenticated, meaning an attacker does not need to have valid login credentials to exploit it. By injecting malicious scripts into a targeted website, an attacker can manipulate a user's web browser and potentially gain access to sensitive information or install malware. This vulnerability poses a significant risk to websites using the affected plugin and should be addressed promptly through an update to a patched version.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share