PT-2024-14314 · Unknown · React-Dashboard

Kelsey Tian

Published

2024-01-30

Updated

2024-02-05

CVE-2023-51843

CVSS v3.1

8.2

High

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions react-dashboard version 1.4.0

Description The issue is related to Cross Site Scripting (XSS) due to the httpOnly flag not being set. This allows an attacker to potentially inject malicious scripts into a user's session.

Recommendations For react-dashboard version 1.4.0, set the httpOnly flag to prevent XSS attacks. As a temporary workaround, consider implementing additional security measures to restrict the execution of scripts.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2023-51843

Affected Products

React-Dashboard

PT-2024-14314 · Unknown · React-Dashboard

CVE-2023-51843

Weakness Enumeration

Related Identifiers

Affected Products

References · 7