PT-2023-26711 · Badaso · Badaso
Anh91
·
Published
2023-08-29
·
Updated
2023-08-31
·
CVE-2023-38971
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Badaso versions 0.0.1 through 2.9.7
Description
The issue allows a remote attacker to execute arbitrary code via a crafted payload to the
rack number parameter in the add new rack function. This enables the attacker to perform Cross Site Scripting attacks.Recommendations
For Badaso versions 0.0.1 through 2.9.7, consider disabling the
add new rack function until a patch is available to prevent exploitation via the rack number parameter. Restrict access to this function to minimize the risk of arbitrary code execution.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Badaso