Cross Site Scripting Flaw in ZenTao Biz by ZenTao
CVE-2023-46491

6.1 MEDIUM

Key Information:

Vendor: Zentao

Status
Vendor
CVE Published: 27 October 2023

What is CVE-2023-46491?

ZenTao Biz version 4.1.3 and prior versions are susceptible to a Cross Site Scripting (XSS) vulnerability within the Version Library. This flaw allows attackers to inject malicious scripts, potentially compromising user sessions and leading to unauthorized access or data manipulation. It is important for users of affected versions to apply necessary security updates to mitigate this risk.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
