PT-2023-18490 · Shirasagi · Shirasagi

Published

2023-02-24

Updated

2025-03-12

CVE-2023-22427

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SHIRASAGI versions 1.16.2 and earlier

Description A stored cross-site scripting issue in the Theme switching function allows a remote attacker with administrative privileges to inject an arbitrary script. This can be exploited by an attacker to execute malicious code on the system.

Recommendations For SHIRASAGI versions 1.16.2 and earlier, consider disabling the Theme switching function until a patch is available to prevent exploitation. Restrict access to administrative privileges to minimize the risk of arbitrary script injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2023-22427

Affected Products

Shirasagi

PT-2023-18490 · Shirasagi · Shirasagi

CVE-2023-22427

Weakness Enumeration

Related Identifiers

Affected Products

References · 9