Cross-Site Scripting Vulnerability in JD-GUI Java Decompiler
CVE-2023-26235

6.1MEDIUM

Key Information:

Vendor

Jd-gui Project

Status
Jd-gui
Vendor
CVE Published:
21 February 2023

What is CVE-2023-26235?

A Cross-Site Scripting (XSS) vulnerability exists in JD-GUI version 1.6.6, which could allow attackers to inject malicious scripts through the 'util/net/InterProcessCommunicationUtil.java' file. This flaw can lead to unauthorized access to user sessions and compromise sensitive information.

References

https://github.com/java-decompiler/jd-gui/pull/418

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2023-26235 : Cross-Site Scripting Vulnerability in JD-GUI Java Decompiler