CVE-2023-7166
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Published Dec 29, 2023
Updated: May 17, 2024
CWE ID 79
Summary
CVE-2023-7166 is a newly disclosed vulnerability affecting Novel-Plus up to version 4.2.0. The issue lies in an unknown part of the file /user/updateUserInfo of the HTTP POST Request Handler component. Manipulating the nickName argument leads to cross-site scripting (XSS), allowing attackers to inject malicious code. The exploit is publicly known, and the attack can be launched remotely. To mitigate this risk, it is crucial to install the patch identified as c62da9bb3a9b3603014d0edb436146512631100d. VDB-249201 has been assigned to this vulnerability.