PT-2023-2993 · Faronics · Faronics Insight
Published: 2023-02-01 · Updated: 2025-01-13 · CVE-2023-28350
CVSS v2.0: 8.0 (High)
Vector: AV:A/AC:L/Au:N/C:P/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Faronics Insight version 10.0.19045
Description
The Teacher Console and Student Console components of the Faronics Insight platform do not protect the structure of the web pages they render. This allows an attacker to perform cross-site scripting (XSS) attacks by sending specially crafted HTTP requests. The vulnerability enables an attacker to execute JavaScript in the Teacher and Student Console applications, potentially leading to remote code execution on connected student machines and the teacher's machine.
Recommendations
For Faronics Insight version 10.0.19045, consider disabling the execution of JavaScript in the Teacher and Student Console applications as a temporary workaround until a patch is available. Restrict access to the Teacher Console to minimize the risk of exploitation. Avoid using the Teacher Console on untrusted networks until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Affected Products
Faronics Insight