CVE-2023-4090 MEDIUM

CVE-2023-4090: Cross-Site Scripting (XSS) vulnerability on WideStand CMS of Acilia

Vendor Acilia
Product Widestand CMS
Weakness CWE-79 · XSS
Published October 4, 2023
Last update September 5, 2024

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Cross-site Scripting (XSS) reflected vulnerability on WideStand until 5.3.5 version, which generates one of the meta tags directly using the content of the queried URL, which would allow an attacker to inject HTML/Javascript code into the response.

Key dates

02Disclosure timeline

October 4, 2023 CVE published
September 5, 2024 Record updated