CVE-2023-29049
CVSS V2 None
CVSS V3 None
Description
The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain. User input for this widget is now sanitized to avoid malicious content the be processed. No publicly available exploits are known.
Overview
- CVE ID
- CVE-2023-29049
- Assigner
- OX
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-01-08T08:51:36.992Z
- Last Modified Date
- 2024-01-12T07:06:48.514Z
Weakness Enumerations
References
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-29049 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29049 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-25 04:18:31 | Added to TrackCVE |