CVE-2023-45957

Name of the Vulnerable Software and Affected Versions thirty bees versions prior to 1.5.0

Description A stored cross-site scripting (XSS) issue exists due to error mishandling in the admin/AdminRequestSqlController.php component, allowing attackers to execute arbitrary web script or HTML via the $e->getMessage() function. This can be exploited by manipulating the error message to inject malicious scripts.

Recommendations For versions prior to 1.5.0, update to version 1.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin/AdminRequestSqlController.php component to minimize the risk of exploitation. Avoid using the $e->getMessage() function in error handling until the issue is resolved.