CVE-2023-26446

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions.

Description The issue arises from the lack of sanitization or escaping of the user's clientID at "application passwords" before it is added to the DOM. This allows malicious script code to be executed within the victim's context, potentially leading to session hijacking or triggering unwanted actions via the web interface and API. An attacker would need temporary access to the user's account or lure a user to a compromised account to exploit this. The clientID parameter, which is user-controllable, is now sanitized. There are no known publicly available exploits for this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.