CVE-2023-27294

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions.

Description Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event. This malicious Javascript would then be executed in other users' browsers if they browse to that event, potentially resulting in the theft of session tokens from users with higher permission levels or forcing users to make actions without their knowledge.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.