PT-2023-29787 · Unknown · I-Doit Pro

Leekenghwa

Publicado

2023-10-21

Atualizado

2024-09-11

CVE-2023-46003

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions i-doit pro versions 25 and below

Description The issue is related to Cross Site Scripting (XSS) and can be exploited via the index.php endpoint. This allows for potential malicious script injection.

Recommendations For versions 25 and below, consider disabling access to the index.php endpoint until a fix is available. As a temporary workaround, restrict the use of user-inputted data in the index.php endpoint to minimize the risk of exploitation.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-46003

Produtos afetados

I-Doit Pro

PT-2023-29787 · Unknown · I-Doit Pro

CVE-2023-46003

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9