CVE-2023-54343

Name of the Vulnerable Software and Affected Versions QWE DL version 2.0.1

Description The QWE DL mobile web application has a persistent input validation issue. Remote attackers can inject malicious script code by manipulating a path parameter. This allows for persistent cross-site scripting (XSS) attacks, which could lead to session hijacking and application module manipulation. The application’s path parameter does not properly sanitize user-supplied input, allowing attackers to inject arbitrary scripts that are then stored and executed by other users.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider implementing robust input validation and output encoding mechanisms to prevent the injection of malicious scripts.