PT-2023-30041 · Zentao · Zentao
Published
2023-10-31
·
Updated
2023-11-09
·
CVE-2023-46475
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
ZenTao version 18.3
Description
A Stored Cross-Site Scripting issue was discovered where a user can create a project and inject malicious JavaScript code in the project's name field.
Recommendations
For ZenTao version 18.3, consider restricting the ability to create projects or limiting the input in the project name field to prevent the injection of malicious JavaScript code until a patch is available.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zentao