CVE-2023-1356

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions IDWeb application versions 3.1.052 and earlier

Description The issue is related to reflected cross-site scripting in the StudentSearch component, allowing attackers to hijack a user's browsing session if the user clicks on a malicious link. This can be achieved by convincing the user to click on the link.

Recommendations For versions 3.1.052 and earlier, consider disabling the StudentSearch component until a patch is available to prevent exploitation. Restrict access to this component to minimize the risk of session hijacking. Avoid using links from untrusted sources to mitigate the risk.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2023-1356

Affected Products

Idweb

CVE-2023-1356

Weakness Enumeration

Related Identifiers

Affected Products

References · 5