CVE-2023-3862

Name of the Vulnerable Software and Affected Versions Travelmate Travelable Trek Management Solution version 1.0

Description A vulnerability was found in the component Comment Box Handler of the Travelmate Travelable Trek Management Solution. The manipulation of the comment argument leads to cross-site scripting. The attack can be launched remotely, with a rather high complexity and difficult exploitation. The vendor was contacted about this disclosure but did not respond.

Recommendations For Travelmate Travelable Trek Management Solution version 1.0, as a temporary workaround, consider restricting the use of the Comment Box Handler component until a patch is available. Avoid using the comment argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.