CVE-2023-6359

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 28, 2023

Updated: Nov 30, 2023

CWE ID 79

Summary

CVE-2023-6359 is a Cross-Site Scripting (XSS) vulnerability identified in version 4.0.0.1.08 of Alumne LMS. This issue resides in the 'localidad' parameter of the '/users/editmy' page. An attacker can inject a custom JavaScript payload through this parameter, taking partial control of another user's browser session. This occurs due to insufficient sanitization of the 'localidad' field, allowing code injection and potential data theft or manipulation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tmHR4G
https://www.cve.org/CVERecord?id=CVE-2023-6359
https://nvd.nist.gov/vuln/detail/CVE-2023-6359

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2023-6359

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations