Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event. This could result in stealing session tokens from users with higher permission levels or forcing users to make actions without their knowledge.
References
Link | Resource |
---|---|
https://www.tenable.com/security/research/tra-2023-8 | Exploit Third Party Advisory |
https://www.tenable.com/security/research/tra-2023-8 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 07:52
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.tenable.com/security/research/tra-2023-8 - Exploit, Third Party Advisory |
Information
Published : 2023-02-28 17:15
Updated : 2024-11-21 07:52
NVD link : CVE-2023-27294
Mitre link : CVE-2023-27294
CVE.ORG link : CVE-2023-27294
JSON object : View
Products Affected
opencats
- opencats
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')