CVE-2023-1635 LOW

CVE-2023-1635: OTCMS apiRun.php AutoRun cross site scripting

Vendor N/A

Product OTCMS

Weakness CWE-79 · XSS

Published March 25, 2023

Last update February 14, 2025

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability was found in OTCMS 6.72. It has been declared as problematic. Affected by this vulnerability is the function AutoRun of the file apiRun.php. The manipulation of the argument mode leads to cross site scripting. The attack can be launched remotely. The identifier VDB-224017 was assigned to this vulnerability.

Key dates

02Disclosure timeline

March 25, 2023 CVE published

February 14, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-1635

Related vulnerabilities

04Related CVE

CVE-2024-51677 WordPress Knowledge Base plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability CVE-2025-26912 WordPress Easy Elementor Addons plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability CVE-2025-58623 WordPress Event Feed for Eventbrite Plugin <= 1.3.2 - Cross Site Scripting (XSS) Vulnerability CVE-2022-1717 Custom Share Buttons with Floating Sidebar < 4.2 - Admin+ Stored XSS CVE-2025-23604 WordPress Rezdy Reloaded plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability