Description
Wiki comments required additional sanitizing and access restrictions to prevent a stored cross-site scripting (XSS) risk and a potential insecure direct object reference (IDOR) risk.
Remediation
References