CVE-2023-7149
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2023-7149 is a newly disclosed vulnerability affecting the code-projects QR Code Generator 1.0. This issue, classified as problematic, is located in the /download.php?file=author.png file. attackers can exploit this cross-site scripting (XSS) vulnerability by manipulating the argument file with the input "<iMg src=N onerror=alert(document.domain)>". This allows for code injection and potential data theft. The exploit is publicly available and can be initiated remotely. The Vulnerability Database has assigned the identifier VDB-249153 to this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- Code Projects