CVE-2023-6275

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 24, 2023
Updated: May 17, 2024
CWE ID 79

Summary

CVE-2023-6275 is a recently disclosed vulnerability affecting the TOTVS Fluig Platform in versions 1.6.x, 1.7.x, 1.8.0, and 1.8.1. This issue, rated as problematic, resides in the file /mobileredir/openApp.jsp of the mobileredir component. By manipulating the argument redirectUrl/user with the input "<script>alert(document.domain)</script>", an attacker can execute a cross-site scripting (XSS) attack. This vulnerability can be exploited remotely, making it a serious concern. The exploit has been made public, increasing the risk of attacks. To mitigate this issue, users are advised to upgrade to versions 1.7.1-231128, 1.8.0-231127, and 1.8.1-231127.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share