PT-2023-21027 · Unknown · File Management Project
Published
2023-03-27
·
Updated
2023-03-31
·
CVE-2023-27245
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
File Management Project version 1.0.0
Description
A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the
Name field under the Edit User module.Recommendations
For File Management Project version 1.0.0, consider disabling the Edit User module until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the Name field to minimize the risk of arbitrary script execution.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
File Management Project