Headline
CVE-2023-29457: [ZBX-22988] Insufficient validation of Action form input fields (CVE-2023-29457)
Mitre ID
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29457
CVSS score
6.3
Severity
Medium
Summary
Insufficient validation of Action form input fields
Description
Reflected XSS attacks occur when a malicious script is reflected off a web application to the victim’s browser. The script can be activated through Action form fields, which can be sent as a request to a website with a vulnerability that enables execution of malicious scripts.
Known attack vectors
Using reflected XSS, session cookies could be revealed, enabling a perpetrator to impersonate valid users and abuse their private accounts.
Patch provided
No
Component/s
Frontend
Affected version/s and fix version/s
· Affected: 4.0.45, 5.0.34, 6.0.17
· Fix: 4.0.46rc1, 5.0.35rc1, 6.0.18rc1
Fix compatibility tests
-
Resolution
Fixed
Workarounds
-
Acknowledgements
-