PT-2023-19146 · Awsm Innovations · Awsm Innovations Embed Any Document – Embed Pdf
N0Paew · Published 2023-03-23 · Updated 2023-03-27 · CVE-2023-23707
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Awsm Innovations Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin versions <= 2.7.1
Description
The issue is improper neutralization of input during web page generation, also known as Cross-site Scripting (XSS). Because of an Unrestricted Upload of File with Dangerous Type vulnerability, SVG and HTML files can be uploaded, which allows Stored XSS.
Recommendations
For Awsm Innovations Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin versions <= 2.7.1, update to a version higher than 2.7.1 to resolve the issue. As a temporary workaround, consider restricting the upload of SVG and HTML files to minimize the risk of exploitation.
Fix
Unrestricted File Upload
XSS
Affected Products
Awsm Innovations Embed Any Document – Embed Pdf