CVE-2023-25295

Name of the Vulnerable Software and Affected Versions GRUEN eVEWA3 Community versions 31 through 53

Description A Cross Site Scripting (XSS) vulnerability in evewa3ajax.php allows attackers to obtain escalated privileges via a crafted request to the "login panel".

Recommendations For versions 31 through 53, as a temporary workaround, consider restricting access to the evewa3ajax.php file until a patch is available. Avoid using the vulnerable login panel functionality in the affected versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.