CVE-2023-0746

Name of the Vulnerable Software and Affected Versions GigaVUE-FM version 5.0 202

Description The help page in GigaVUE-FM does not require an authenticated user, allowing an attacker to enforce a user into inserting malicious JavaScript code into the URI. This could lead to a Reflected Cross site Scripting attack.

Recommendations For GigaVUE-FM version 5.0 202, consider restricting access to the help page until a patch is available. As a temporary workaround, avoid using the help page or restrict user input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.