CVE-2023-33829

Name of the Vulnerable Software and Affected Versions Cloudogu GmbH SCM Manager versions 1.2 through 1.60

Description A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field. This enables attackers to potentially steal user data or take control of user sessions.

Recommendations For versions 1.2 through 1.60, update to a version that includes a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the Description text field to minimize the risk of arbitrary script execution.