PT-2023-25010 · Unknown · Dmarcts-Report-Viewer

Xmit.Xyz · Published 2023-06-22 · Updated 2023-06-30 · CVE-2023-34796

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

dmarcts-report-viewer dashboard versions 1.1 through commit 8a1d882b4c481a05e296e9b38a7961e912146a0f

Description

The issue is a cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to execute arbitrary code via the org name or domain values. This enables attackers to inject malicious scripts into the website, potentially leading to unauthorized access or data theft.

Recommendations

For versions 1.1 through commit 8a1d882b4c481a05e296e9b38a7961e912146a0f, consider restricting access to the org name and domain values to prevent exploitation until a patch is available. As a temporary workaround, avoid using the org name and domain values in the dashboard until the issue is resolved.
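The flaw class described above, shown as an added example that is not dmarcts-report-viewer's own code: org name and domain values taken from a received report are rendered into a dashboard row, first verbatim and then HTML-encoded at output. It assumes the values arrive in the DMARC aggregate report XML layout; the sample report, function names and table markup are constructed for illustration.

```python
import html
import xml.etree.ElementTree as ET  # for untrusted XML in production, prefer defusedxml

# Constructed sample: an aggregate report whose sender-controlled
# org_name and domain fields carry HTML markup.
SAMPLE_REPORT = """<feedback>
  <report_metadata>
    <org_name>Example Org&lt;img src=x&gt;</org_name>
    <report_id>constructed-1</report_id>
  </report_metadata>
  <policy_published>
    <domain>example.test"&gt;&lt;b&gt;bold</domain>
  </policy_published>
</feedback>"""

ROW = '<tr><td>{org_name}</td><td title="{domain}">{domain}</td></tr>'


def extract_fields(report_xml):
    """Return the two report fields named in the advisory as raw strings."""
    root = ET.fromstring(report_xml)
    return {
        "org_name": root.findtext("report_metadata/org_name", default=""),
        "domain": root.findtext("policy_published/domain", default=""),
    }


def render_row_unsafe(fields):
    """Vulnerable pattern: values are concatenated into HTML verbatim."""
    return ROW.format(**fields)


def render_row_safe(fields):
    """Hardened pattern: every value is HTML-encoded at the point of output."""
    encoded = {k: html.escape(v, quote=True) for k, v in fields.items()}
    return ROW.format(**encoded)


def contains_markup(value):
    """Ingest-time check: flag values that would change when HTML-encoded."""
    return html.escape(value, quote=True) != value


if __name__ == "__main__":
    fields = extract_fields(SAMPLE_REPORT)
    print(render_row_unsafe(fields))
    print(render_row_safe(fields))
    print({k: contains_markup(v) for k, v in fields.items()})
```

The ingest-time check is useful for flagging already-stored rows during cleanup; the output encoding is what removes the injection point.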

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2023-34796

Affected Products

Dmarcts-Report-Viewer