PT-2023-30449 · Pachno · Pachno

Herombey · Published 2023-11-27 · Updated 2023-12-01 · CVE-2023-47437

CVSS v3.1: 5.4 Medium
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions
Pachno version 1.0.6

Description
A vulnerability has been identified that allows an authenticated attacker to execute a cross-site scripting (XSS) attack. The issue exists due to inadequate input validation in the Project Description and comments, enabling an attacker to inject malicious JavaScript.

Recommendations
For Pachno version 1.0.6, consider implementing proper input validation for the Project Description and comments to prevent malicious JavaScript injection. As a temporary workaround, restrict the ability to input JavaScript code in these fields until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2023-47437

Affected Products: Pachno