PT-2024-13392 · Temenos · Temenos T24 Browser

Azraelsblade · Published 2024-09-23 · Updated 2024-09-26 · CVE-2023-46948

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Temenos T24 Browser version R19.40

Description

A reflected Cross-Site Scripting (XSS) issue was discovered, allowing a remote attacker to execute arbitrary JavaScript code. This is achieved via the skin parameter in the "about.jsp" and "genrequest.jsp" components.

Recommendations

For Temenos T24 Browser version R19.40, consider restricting access to the about.jsp and genrequest.jsp components until a patch is available. As a temporary workaround, avoid using the skin parameter in these components to minimize the risk of exploitation.
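
One way to review web-server access logs for requests that reach the two affected components with an unexpected skin value, given here as an added example that is not part of the advisory or of Temenos code. The combined log format, the /app/ path prefix, the allowlist pattern for skin names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Components named in the advisory, matched on the last path segment.
WATCHED = {"about.jsp", "genrequest.jsp"}
# Assumption: legitimate skin names are short alphanumeric identifiers.
SAFE_SKIN = re.compile(r"[A-Za-z0-9_-]{1,32}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_skin(line):
    """Return the decoded skin value if the request needs review, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    # Drop ";jsessionid=..." style path parameters before comparing.
    leaf = url.path.rsplit("/", 1)[-1].split(";", 1)[0].lower()
    if leaf not in WATCHED:
        return None
    for key, value in parse_qsl(url.query):
        if key.lower() == "skin" and not SAFE_SKIN.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every request to review."""
    hits = ((n, suspicious_skin(l)) for n, l in enumerate(lines, 1))
    return [(n, v) for n, v in hits if v is not None]

# Constructed sample log lines; /app/ is a placeholder path prefix.
SAMPLE = [
    '198.51.100.7 - - [23/Sep/2024:10:01:02 +0000] "GET /app/about.jsp?skin=default HTTP/1.1" 200 512',
    '198.51.100.9 - - [23/Sep/2024:10:01:05 +0000] "GET /app/about.jsp?skin=%22%3E%3Cx%3E HTTP/1.1" 200 530',
    '198.51.100.9 - - [23/Sep/2024:10:01:09 +0000] "GET /app/genrequest.jsp?other=1&skin=a%27b HTTP/1.1" 200 498',
    '198.51.100.7 - - [23/Sep/2024:10:02:00 +0000] "GET /app/index.jsp?skin=%3Cx%3E HTTP/1.1" 200 200',
    '198.51.100.9 - - [23/Sep/2024:10:02:11 +0000] "GET /app/about.jsp;jsessionid=ABC?skin=%3Cx%3E HTTP/1.1" 200 530',
]

if __name__ == "__main__":
    for n, value in scan(SAMPLE):
        print(f"line {n}: unexpected skin value {value!r}")
```

Parameters sent in a POST body do not appear in access logs, so the same allowlist check would have to run at a reverse proxy or WAF to cover them.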

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-46948

Affected Products

Temenos T24 Browser