CVE-2023-5452

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Oct 6, 2023
Updated: Oct 10, 2023
CWE ID 79

Summary

CVE-2023-5452 is a Cross-Site Scripting (XSS) vulnerability affecting the GitHub repository snipe/snipe-it before version 6.2.2. Malicious scripts injected as part of stored data could be executed in users' browsers when they view affected pages, potentially leading to unauthorized actions or data theft. Attackers could exploit this vulnerability by inserting malicious code into fields such as comments or issue descriptions. Users are strongly advised to update their repositories to the latest version to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share