CVE-2023-26445

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions.

Description The issue is related to frontend themes defined by user-controllable jslob settings, which could point to a malicious resource and get processed during login. This can lead to the execution of malicious script code within the victim's context, resulting in session hijacking or triggering unwanted actions via the web interface and API. An attacker would require temporary access to the user's account or lure a user to a compromised account to exploit this. The issue is addressed by sanitizing the theme value and using a default fallback if no theme matches.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.