CVE-2023-4090

Name of the Vulnerable Software and Affected Versions WideStand versions prior to 5.3.5

Description The issue is a Cross-site Scripting (XSS) reflected vulnerability. It generates one of the meta tags directly using the content of the queried URL, allowing an attacker to inject HTML/Javascript code into the response.

Recommendations For versions prior to 5.3.5, update to version 5.3.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the meta tags generation feature until a patch is available. Avoid using user-supplied input in the queried URL to minimize the risk of exploitation.