Temenos · Temenos T24 Browser · CVE-2023-46948
**Name of the Vulnerable Software and Affected Versions**
Temenos T24 Browser version R19.40
**Description**
A reflected Cross-Site Scripting (XSS) issue was discovered, allowing a remote attacker to execute arbitrary JavaScript code. This is achieved via the `skin` parameter in the "about.jsp" and "genrequest.jsp" components.
**Recommendations**
For Temenos T24 Browser version R19.40, consider restricting access to the `about.jsp` and `genrequest.jsp` components until a patch is available. As a temporary workaround, avoid using the `skin` parameter in these components to minimize the risk of exploitation.