CVE-2023-50609

Name of the Vulnerable Software and Affected Versions AVA teaching video application service platform version 3.1

Description The issue allows remote attackers to execute arbitrary code via a crafted script to the "ajax.aspx" endpoint. This is a Cross Site Scripting (XSS) vulnerability, which enables attackers to inject malicious scripts into content from otherwise trusted websites.

Recommendations For AVA teaching video application service platform version 3.1, consider disabling access to the "ajax.aspx" endpoint until a patch is available. As a temporary workaround, restrict the execution of arbitrary code in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.