-
Defect (Security)
-
Resolution: Fixed
-
Minor
-
4.0.45
| Mitre ID | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29457 |
| CVSS score | 6.3 |
| Severity | Medium |
| Summary | Insufficient validation of Action form input fields |
| Description | Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts. |
| Known attack vectors | Using reflected XSS session cookies could be revealed, enabling a perpetrator to impersonate valid users and abuse their private accounts. |
| Patch provided | No |
| Component/s | Frontend |
| Affected version/s and fix version/s | · Affected: 4.0.45, 5.0.34, 6.0.17 · Fix: 4.0.46rc1, 5.0.35rc1, 6.0.18rc1 |
| Fix compatibility tests | - |
| Resolution | Fixed |
| Workarounds | - |
| Acknowledgements | - |
- duplicates
-
-
- Closed
-