PT-2023-22812 · Iris-Web · Iris-Web

Whikernel · Published 2023-05-25 · Updated 2023-06-01 · CVE-2023-30615

CVSS v3.1

6.3 (Medium)

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

iris-web versions prior to 2.2.1

Description

A stored Cross-Site Scripting (XSS) issue has been identified, allowing an attacker to inject malicious scripts into the application. These scripts are executed when a user visits the affected locations, potentially leading to unauthorized access, data theft, or other malicious activities. To exploit this issue, an attacker must be authenticated on the application.

Recommendations

For versions prior to 2.2.1, update to version 2.2.1 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-30615
GHSA-GC6J-6276-2M49

Affected Products

Iris-Web