CVE-2023-49453

Name of the Vulnerable Software and Affected Versions RackTables versions prior to 0.22.0

Description The issue exists due to the lack of protection for the web page structure in the /index.php?page=search component of the RackTables web application for managing data center assets. This allows a remote attacker to exploit the vulnerability and potentially disclose sensitive information. The vulnerability is a reflected cross-site scripting (XSS) issue, which enables local attackers to execute arbitrary code and obtain sensitive information via the search component in index.php.

Recommendations For RackTables versions prior to 0.22.0, consider disabling the search component in index.php until a patch is available to prevent exploitation. Restrict access to the search functionality to minimize the risk of arbitrary code execution and sensitive information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.