CVE-2023-4672
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Dec 28, 2023
Updated: Jan 4, 2024
CWE ID 125
CWE ID 823
CWE ID 295
CWE ID 1285
CWE ID 786
CWE ID 129
Summary
CVE-2023-4672 is a Cross-site Scripting (XSS) vulnerability affecting Talent Software's ECOP before version 32255. It allows an attacker to inject malicious scripts into web pages viewed by other users, potentially stealing sensitive information or taking control of their browsers. The flaw arises from improper neutralization of user input during web page generation. Users are advised to upgrade to the latest ECOP version to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Squid-cache Squid
- Squid Software
Affected Vendors
- Squid Software Foundation