HTML Injection and XSS Vulnerabilities in Opswat Metadefender Core
CVE-2023-25364

Currently unrated

Key Information:

Vendor: Opswat
Vendor: CVE Published:; 27 March 2024

What is CVE-2023-25364?

Opswat Metadefender Core, prior to version 5.2.1, is susceptible to vulnerabilities that permit HTML injection and cross-site scripting (XSS) attacks. These vulnerabilities could allow an attacker to execute arbitrary scripts in the context of a user’s browser session. The risks associated with such vulnerabilities can lead to unauthorized access, data theft, and further exploitation of the affected systems. It is imperative for users of Metadefender Core to apply the necessary updates to mitigate these security issues.

References

https://docs.opswat.com/mdcore/release-notes/archived-rel...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2024
Vulnerability Reserved
Feb 6, 2023