Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. This could be used to steal other users’ cookies and force users to make actions without their knowledge.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.tenable.com/security/research/tra-2023-8 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: tenable
Published: 2023-02-28T00:00:00
Updated: 2024-08-02T12:09:42.922Z
Reserved: 2023-02-27T00:00:00
Link: CVE-2023-27293
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-02-28T17:15:11.427
Modified: 2023-03-09T23:57:51.313
Link: CVE-2023-27293
Redhat
No data.