CVE-2023-53938

Name of the Vulnerable Software and Affected Versions RockMongo version 1.1.7

Description RockMongo 1.1.7 contains a stored cross-site scripting issue that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit this by submitting crafted payloads in the database, collection, and login parameters, leading to the execution of arbitrary JavaScript in a victim’s browser.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.