PT-2023-16960 · Progress · OpenEdge Authentication Gateway (+1)

Ram

Published: 2023-06-09 · Updated: 2024-02-29 · CVE-2023-1403

CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Weaver Xtreme Theme for WordPress, versions up to and including 5.0.7.
OpenEdge Authentication Gateway and AdminServer, versions prior to 11.7.19, 12.2.14, and 12.8.1.

Description
The issue concerns stored Cross-Site Scripting in the Weaver Xtreme Theme for WordPress due to insufficient escaping of the profile display name, allowing authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts. Additionally, there is a problem with OpenEdge Authentication Gateway and AdminServer related to improper handling of user name and password types, enabling attackers to bypass authentication and gain access to affected systems with arbitrary privileges.

Recommendations
For Weaver Xtreme Theme for WordPress versions up to and including 5.0.7, update to a version higher than 5.0.7 to resolve the stored Cross-Site Scripting issue. For OpenEdge Authentication Gateway and AdminServer versions prior to 11.7.19, 12.2.14, and 12.8.1, apply the updates to OpenEdge LTS 11.7.19, 12.2.14, and 12.8.1 to fix the authentication bypass issue. As a temporary workaround, consider restricting access to the authentication gateway to minimize the risk of exploitation.

Fix · XSS

Weakness Enumeration

Related Identifiers

CVE-2023-1403

Affected Products

OpenEdge AdminServer
OpenEdge Authentication Gateway