CVE-2023-49078

Name of the Vulnerable Software and Affected Versions raptor-web version 0.4.4

Description The issue is a reflected cross-site scripting vulnerability in raptor-web, a CMS for game server communities. It allows an attacker to craft a malicious URL that, when clicked by a victim, can execute arbitrary code. The vulnerability is due to a user-controlled URL parameter being loaded into an internal template with autoescape disabled. Any victim who clicks on a maliciously crafted link will be affected.

Recommendations For version 0.4.4, update to version 0.4.4.1 to resolve the issue. As a temporary workaround, consider restricting access to user-controlled URL parameters until the update can be applied.