CVE-2023-6769

CVSS 3.1 Score 4.6 of 10 (medium)

Details

Published Dec 20, 2023
Updated: Dec 22, 2023
CWE ID 79

Summary

CVE-2023-6769 is a stored Cross-Site Scripting (XSS) vulnerability affecting Amazing Little Poll versions 1.3 and 1.4. An attacker can exploit this flaw by injecting malicious JavaScript code into the "lp_admin.php" file, specifically in the "question" and "item" parameters. Successful exploitation enables the attacker to execute their malicious script during page loading, potentially compromising user data or taking control of the user's session.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share