PT-2023-32770 · Unknown · Amazing Little Poll

David Utón Amaya

Publicado

2023-12-13

Atualizado

2023-12-22

CVE-2023-6769

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Amazing Little Poll versions 1.3 through 1.4

Description The issue is a Stored XSS vulnerability that allows a remote attacker to store a malicious JavaScript payload in the "lp admin.php" file using the question and item parameters. This could lead to malicious JavaScript execution while the page is loading.

Recommendations For versions 1.3 and 1.4, consider disabling access to the "lp admin.php" file or restricting the use of the question and item parameters until a patch is available. As a temporary workaround, avoid using the question and item parameters in the affected API endpoint.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-6769

Produtos afetados

Amazing Little Poll

PT-2023-32770 · Unknown · Amazing Little Poll

CVE-2023-6769

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7