CVE-2023-29049

CVSS V2 None CVSS V3 None
Description
The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain. User input for this widget is now sanitized to avoid malicious content the be processed. No publicly available exploits are known.
Overview
  • CVE ID
  • CVE-2023-29049
  • Assigner
  • OX
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-01-08T08:51:36.992Z
  • Last Modified Date
  • 2024-01-12T07:06:48.514Z
History
Created Old Value New Value Data Type Notes
2024-06-25 04:18:31 Added to TrackCVE