CVE-2023-2044

Name of the Vulnerable Software and Affected Versions Control iD iDSecure version 4.7.29.1

Description A vulnerability has been found in the component Dispositivos Page, where the manipulation of the IP-DNS argument leads to cross-site scripting. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations For version 4.7.29.1, consider restricting access to the Dispositivos Page component to minimize the risk of exploitation. As a temporary workaround, avoid using the IP-DNS argument in the affected component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.