CVE-2023-1278

Name of the Vulnerable Software and Affected Versions IBOS versions up to 4.5.5

Description A problematic issue has been found in IBOS, affecting some unknown functionality of the file mobil/index.php. The manipulation of the accesstoken argument leads to cross-site scripting. The attack can be launched remotely.

Recommendations For IBOS versions up to 4.5.5, consider disabling access to the mobil/index.php file or restricting the use of the accesstoken argument until a patch is available. As a temporary workaround, avoid using the accesstoken argument in the affected file to minimize the risk of exploitation.