PT-2023-19146 · Awsm Innovations · Awsm Innovations Embed Any Document – Embed Pdf

N0Paew · Published 2023-03-23 · Updated 2023-03-27 · CVE-2023-23707

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions

Awsm Innovations Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin versions <= 2.7.1

Description

The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting. It allows for Stored XSS via the upload of SVG and HTML files, due to an Unrestricted Upload of File with Dangerous Type vulnerability.

Recommendations

For Awsm Innovations Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin versions <= 2.7.1, update to a version higher than 2.7.1 to resolve the issue. As a temporary workaround, consider restricting the upload of SVG and HTML files to minimize the risk of exploitation.

Fix

Unrestricted File Upload

XSS

Weakness Enumeration

Related identifiers

CVE-2023-23707

Affected products

Awsm Innovations Embed Any Document – Embed Pdf