CVE-2023-4090: Cross-Site Scripting (XSS) vulnerability on WideStand CMS of Acilia
First published: Wed Oct 04 2023(Updated: )
Cross-site Scripting (XSS) reflected vulnerability on WideStand until 5.3.5 version, which generates one of the meta tags directly using the content of the queried URL, which would allow an attacker to inject HTML/Javascript code into the response.
Credit: cve-coordination@incibe.es
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NI VeriStand | <=5.3.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-4090?
The severity of CVE-2023-4090 is medium with a severity value of 6.1.
What is the vulnerability in WideStand until version 5.3.5?
The vulnerability is a Cross-site Scripting (XSS) reflected vulnerability that allows an attacker to inject HTML/Javascript code into the response.
What software versions are affected by CVE-2023-4090?
WideStand versions up to and including 5.3.5 are affected by CVE-2023-4090.
How can an attacker exploit CVE-2023-4090?
An attacker can exploit CVE-2023-4090 by injecting HTML/Javascript code into the response of WideStand.
Is there a fix available for CVE-2023-4090?
Currently, there is no information available regarding a fix for CVE-2023-4090. It is recommended to follow the provided reference for updates and mitigation steps.
- agent/author
- agent/type
- agent/severity
- agent/references
- agent/weakness
- agent/title
- agent/first-publish-date
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/acilia
- canonical/ni veristand
- version/ni veristand/5.3.5