CVE-2023-4382 LOW

CVE-2023-4382: tdevs Hyip Rio Profile Settings settings cross site scripting

Vendor Tdevs
Product Hyip Rio
Weakness CWE-79 · XSS
Published August 16, 2023
Last update November 21, 2024
View on NVD All CVEs

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, has been found in tdevs Hyip Rio 2.1. Affected by this issue is some unknown functionality of the file /user/settings of the component Profile Settings. The manipulation of the argument avatar leads to cross site scripting. The attack may be launched remotely. VDB-237314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

August 16, 2023 CVE published
November 21, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-11764 Solar Wizard Lite <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-46228 WordPress Event post plugin <= 5.9.11 - Cross Site Scripting (XSS) Vulnerability CVE-2025-62411 Stored XSS in Alert Transport name field in LibreNMS CVE-2025-58001 WordPress Compact Archives plugin <= 4.1.0 - Cross Site Scripting (XSS) vulnerability CVE-2024-4695 Move Addons for Elementor <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets