CVE-2023-27335 HIGH

CVE-2023-27335: Softing edgeAggregator Client Cross-Site Scripting Remote Code Execution Vulnerability

Vendor Softing
Product edgeAggregator
Weakness CWE-79 · XSS
Published May 3, 2024
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Softing edgeAggregator Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the input parameters provided to the edgeAggregetor client. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20504.

Key dates

02Disclosure timeline

May 3, 2024 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-1136 lcg0124 BootDo ContentController save cross site scripting CVE-2020-3349 Cisco Data Center Network Manager Cross-Site Scripting Vulnerabilities CVE-2025-14053 Travel Bucket List <= 0.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes CVE-2024-43994 WordPress Kahuna theme <= 1.7.0 - Cross Site Scripting (XSS) vulnerability CVE-2026-42681 WordPress e2pdf plugin <= 1.32.14 - Reflected Cross Site Scripting (XSS) vulnerability