CVE-2023-27069

Name of the Vulnerable Software and Affected Versions TotalJS OpenPlatform version b80b09d

Description A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field. This enables the execution of malicious code on the platform.

Recommendations For version b80b09d, consider validating and sanitizing user input in the account name field to prevent the injection of malicious payloads. As a temporary workaround, restrict access to the account name field until a proper fix is implemented.