CVE-2023-21522: XSS
First published: Tue Sep 12 2023(Updated: )
A Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim's browser then they can execute script commands in the context of the affected user account.
Credit: secure@blackberry.com secure@blackberry.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| BlackBerry AtHoc | =7.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the Blackberry AtHoc Reflected Cross-site Scripting (XSS) vulnerability?
The vulnerability ID for the Blackberry AtHoc Reflected Cross-site Scripting (XSS) vulnerability is CVE-2023-21522.
What is the severity rating of CVE-2023-21522?
CVE-2023-21522 has a severity rating of 6.1, which is considered medium.
How does the Blackberry AtHoc XSS vulnerability work?
The XSS vulnerability in Blackberry AtHoc allows an attacker to execute script commands in the victim's browser, potentially giving them control over the affected user account.
What is the affected software version of Blackberry AtHoc in which CVE-2023-21522 exists?
CVE-2023-21522 exists in Blackberry AtHoc version 7.15.
Is there a fix available for CVE-2023-21522?
To fix CVE-2023-21522, it is recommended to update to a version of BlackBerry AtHoc that is not affected by this vulnerability.
- collector/nvd-api
- collector/nvd-index
- agent/weakness
- agent/event
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/blackberry
- canonical/blackberry athoc
- version/blackberry athoc/7.15