CVE-2023-6275
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2023-6275 is a recently disclosed vulnerability affecting the TOTVS Fluig Platform in versions 1.6.x, 1.7.x, 1.8.0, and 1.8.1. This issue, rated as problematic, resides in the file /mobileredir/openApp.jsp of the mobileredir component. By manipulating the argument redirectUrl/user with the input "<script>alert(document.domain)</script>", an attacker can execute a cross-site scripting (XSS) attack. This vulnerability can be exploited remotely, making it a serious concern. The exploit has been made public, increasing the risk of attacks. To mitigate this issue, users are advised to upgrade to versions 1.7.1-231128, 1.8.0-231127, and 1.8.1-231127.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- Totvs