CVE-2023-4983

Name of the Vulnerable Software and Affected Versions app1pro Shopicial versions up to 20230830

Description A problem has been found in the file search code, allowing for cross-site scripting through the manipulation of the with argument and input like comments</script>'"><img src=x onerror=alert(document.cookie)>. This issue can be exploited remotely.

Recommendations For app1pro Shopicial versions up to 20230830, consider restricting the use of the file search function until a fix is available. As a temporary workaround, avoid using the with argument in the affected file search functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.