Code Injection Vulnerability in Spectra (Basic XSS)
CVE-2023-23735
6.1MEDIUM
Summary
A vulnerability in Brainstorm Force's Spectra product permits code injection through improper neutralization of script-related HTML tags. This security issue allows attackers to exploit web applications by injecting malicious scripts into user interfaces, leading to potential unauthorized access and manipulation of data. Affected versions of Spectra from n/a to 2.3.0 are susceptible, making it critical for developers and site administrators to address this flaw to safeguard their applications against exploitation.
Affected Version(s)
Spectra <= 2.3.0
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dave Jong (Patchstack)