Headline
CVE-2023-4090: Cross-site Scripting (XSS) vulnerability in WideStand CMS by Acilia | INCIBE-CERT
Reflected Cross-site Scripting (XSS) vulnerability in WideStand up to and including version 5.3.5. The CMS generates one of the meta tags directly from the content of the queried URL, which would allow an attacker to inject HTML/JavaScript code into the response.
Affected Resources
WideStand CMS, versions 5.3.5 and prior.
Description
INCIBE has coordinated the publication of a vulnerability affecting WideStand CMS, a professional CMS solution developed by Acilia and based on the Symfony framework. The vulnerability was discovered by Ángel Heredia Pérez, of Telefónica Tech.
The following code has been assigned to this vulnerability:
CVE-2023-4090:
- CVSS v3.1 base score: 5.4.
- CVSS vector string: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N.
- Vulnerability type: CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting).
Solution
There is no reported solution at this time.
Detail
CVE-2023-4090: Reflected Cross-site Scripting (XSS) vulnerability in WideStand up to and including version 5.3.5. The CMS generates one of the meta tags directly from the content of the queried URL, which would allow an attacker to inject HTML/JavaScript code into the response.
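The flaw class described above, modelled as an added example (this is not WideStand or Acilia code): a meta tag built from the requested URL with and without attribute encoding, plus a parser-based regression check that can be run against a captured response. The advisory does not name the affected meta tag, so the `og:url` property, the `cms.example` host and the probe element name are assumptions constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed probe (hypothetical values, not from the advisory): a harmless
# custom element name that should never appear as a real tag in a page.
PROBE_TAG = "xprobe7f3a"
PROBE_URL = f'https://cms.example/news?q="><{PROBE_TAG}>'


def render_head_unescaped(requested_url: str) -> str:
    """Model of the flaw: the requested URL is copied into a meta attribute as-is."""
    return f'<head><meta property="og:url" content="{requested_url}"></head>'


def render_head_escaped(requested_url: str) -> str:
    """Hardened form: HTML-attribute-encode the URL before writing it out."""
    safe = html.escape(requested_url, quote=True)
    return f'<head><meta property="og:url" content="{safe}"></head>'


class _TagCollector(HTMLParser):
    """Records every element name and every meta 'content' value the parser sees."""

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.tags: list[str] = []
        self.meta_contents: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "meta":
            self.meta_contents.extend(v for k, v in attrs if k == "content" and v)


def _parse(response_html: str) -> _TagCollector:
    collector = _TagCollector()
    collector.feed(response_html)
    collector.close()
    return collector


def probe_broke_out(response_html: str) -> bool:
    """True if the probe was parsed as an element, i.e. the input left the attribute."""
    return PROBE_TAG in _parse(response_html).tags


def probe_kept_as_data(response_html: str) -> bool:
    """True if the full probe URL survives intact inside a meta content value."""
    return PROBE_URL in _parse(response_html).meta_contents
```

With no vendor fix reported, the same two checks can be applied to responses from a deployed instance to confirm whether a compensating control (for example output rewriting at a reverse proxy) keeps the reflected URL inside the attribute.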