CVE-2023-22427

Name of the Vulnerable Software and Affected Versions SHIRASAGI versions 1.16.2 and earlier

Description A stored cross-site scripting issue in the Theme switching function allows a remote attacker with administrative privileges to inject an arbitrary script. This can be exploited by an attacker to execute malicious code on the system.

Recommendations For SHIRASAGI versions 1.16.2 and earlier, consider disabling the Theme switching function until a patch is available to prevent exploitation. Restrict access to administrative privileges to minimize the risk of arbitrary script injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.