CVE-2023-4672

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 28, 2023
Updated: Jan 4, 2024
CWE ID 125
CWE ID 823
CWE ID 295
CWE ID 1285
CWE ID 786
CWE ID 129

Summary

CVE-2023-4672 is a Cross-site Scripting (XSS) vulnerability affecting Talent Software's ECOP before version 32255. It allows an attacker to inject malicious scripts into web pages viewed by other users, potentially stealing sensitive information or taking control of their browsers. The flaw arises from improper neutralization of user input during web page generation. Users are advised to upgrade to the latest ECOP version to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Squid-cache Squid
  • Squid Software

Affected Vendors

  • Squid Software Foundation