PT-2023-6979 · Unknown · Newsletters

Gen Sato

Published

2023-05-09

Updated

2023-05-30

CVE-2023-27922

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Newsletter versions prior to 7.6.9

Description The issue is a cross-site scripting vulnerability that allows a remote unauthenticated attacker to inject an arbitrary script. This can be exploited to conduct cross-site scripting attacks. The vulnerability exists due to inadequate protection of the web page structure.

Recommendations For versions prior to 7.6.9, update to version 7.6.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the Newsletter plugin to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2023-07998

CVE-2023-27922

Affected Products

Newsletters

PT-2023-6979 · Unknown · Newsletters

CVE-2023-27922

Weakness Enumeration

Related Identifiers

Affected Products

References · 6