PT-2023-31009 · Teedy · Teedy

Renzo Machado

Published

2023-09-25

Updated

2023-09-26

CVE-2023-4892

CVSS v3.1

5.7

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Teedy version 1.11

Description The issue allows events to be executed in HTML tags that an attacker could manipulate, making it possible to execute malicious JavaScript in the webapp.

Recommendations For Teedy version 1.11, consider disabling the text editor functionality until a patch is available to prevent the execution of malicious JavaScript. Restrict access to the text editor module to minimize the risk of exploitation. Avoid using the text editor to parse or execute HTML tags from untrusted sources.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2023-4892

Affected Products

Teedy

PT-2023-31009 · Teedy · Teedy

CVE-2023-4892

Weakness Enumeration

Related Identifiers

Affected Products

References · 7