| Mitre ID |
CVE-2023-29454 |
| CVSS score |
5.4 |
| Severity |
Medium |
| Summary |
Persistent XSS in the user form |
| Description |
Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally executes the payload for every victim visiting its web pages. |
| Known attack vectors |
Vulnerability was found on “Users” section in “Media” tab in “Send to” form field. When new media is created with malicious code included into field “Send to” then it will execute when editing the same media. |
| Patch provided |
No |
| Component/s |
Frontend |
| Affected version/s and fix version/s |
- Affected: 4.0.45, 5.0.33, 6.0.16
- Fix: 4.0.46rc1, 5.0.35rc1, 6.0.18rc1
|
| Fix compatibility tests |
|
| Resolution |
Fixed |
| Workarounds |
None |
| Acknowledgements |
- |
|