PT-2024-14378 · Gestsup · Gestsup
Sopalinge
·
Published
2024-02-12
·
Updated
2025-05-09
·
CVE-2023-52059
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Gestsup version 3.2.46
Description
A cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the
Description text field.Recommendations
For Gestsup version 3.2.46, consider disabling the Description text field until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to this field to minimize the risk of arbitrary web script execution.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gestsup