Shirasagi · Shirasagi · CVE-2023-22425
**Name of the Vulnerable Software and Affected Versions**
SHIRASAGI versions 1.16.2 and earlier
**Description**
The issue allows a remote authenticated attacker to inject an arbitrary script due to a stored cross-site scripting vulnerability in the Schedule function.
**Recommendations**
For SHIRASAGI versions 1.16.2 and earlier, consider disabling the Schedule function until a patch is available to prevent exploitation.
Restrict access to the Schedule function to minimize the risk of arbitrary script injection.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.