CVE-2023-5118
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2023-5118 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the endpoint /sofer/DocumentService.asc/SaveAnnotation in an application. The vulnerability arises due to insufficient sanitization and validation of user input, specifically the author and text parameters transmitted via the POST method. Malicious JavaScript code can be injected, posing a security risk. This issue was discovered in the function responsible for adding new annotations during document content editing. While the vulnerability has been addressed in software versions above 11.1.x, the security status of earlier versions is uncertain.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions