CVE-2023-2848
First published: Thu Sep 14 2023(Updated: )
Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation.
Credit: report@snyk.io report@snyk.io
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Movim Movim | <0.22 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID for this security issue is CVE-2023-2848.
What is the severity level of CVE-2023-2848?
CVE-2023-2848 has a severity level of high.
What is the affected software version of CVE-2023-2848?
Movim prior to version 0.22 is affected by CVE-2023-2848.
What is the impact of CVE-2023-2848?
CVE-2023-2848 allows for Cross-Site WebSocket Hijacking, potentially leading to unauthorized access and data exposure.
How can I mitigate the vulnerability in Movim version 0.22?
To mitigate the vulnerability in Movim version 0.22, update to a version that includes the fixes mentioned in the references provided.
- collector/nvd-api
- collector/nvd-index
- agent/references
- agent/severity
- agent/event
- agent/type
- agent/weakness
- agent/author
- agent/description
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/movim
- canonical/movim movim