PT-2025-1476 · Unknown · Selesta Visual Access Manager

Published: 2025-01-13 · Updated: 2025-01-14 · CVE-2023-42250

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Selesta Visual Access Manager versions earlier than 4.42.2 are vulnerable to Cross-Site Scripting (XSS) via the /common/autocomplete.php file. The vulnerability is tracked as CVE-2023-42250. An attacker can exploit it by sending malicious input to /common/autocomplete.php, potentially injecting and executing arbitrary JavaScript code in a user's browser. Public references to the vulnerability are available at the provided URLs, which may indicate that a public exploit exists. No information is provided on whether the vulnerability has been actively exploited or on how many internet users could be affected.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-42250

Affected Products

Selesta Visual Access Manager