CVE-2023-40197

Name of the Vulnerable Software and Affected Versions Devaldi Ltd flowpaper plugin versions <= 1.9.9

Description The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects the Devaldi Ltd flowpaper plugin. This vulnerability requires authentication and is limited to users with contributor or higher permissions. The vulnerability allows for the storage of malicious scripts, which can then be executed by other users, potentially leading to unauthorized actions or data exposure.

Recommendations For Devaldi Ltd flowpaper plugin versions <= 1.9.9, consider disabling the plugin until a patch or updated version is available that addresses the Stored Cross-Site Scripting (XSS) vulnerability. As a temporary workaround, restrict access to the plugin for users with contributor or higher permissions to minimize the risk of exploitation.