PT-2023-27705 · Unknown · Arconte Áurea
Jorge Alberto Palma Reyes
+1
·
Published
2023-09-19
·
Updated
2023-09-21
·
CVE-2023-4093
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Arconte Áurea version 1.5.0.0
Description
The issue is a reflected and persistent XSS vulnerability that could allow an attacker to inject malicious JavaScript code. This could compromise the victim's browser, take control of it, redirect the user to malicious domains, or access information being viewed by the legitimate user.
Recommendations
For Arconte Áurea version 1.5.0.0, consider disabling JavaScript execution in the browser as a temporary workaround until a patch is available. Restrict access to sensitive information and avoid using the software until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Arconte Áurea