| |
Vulnerability CVE-2023-25440
Published: 2023-05-23
| Description: |
Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field. |
See advisories in our WLB2 database: | Topic | Author | Date |
Low |
| Andrea Intilange... | 20.05.2023 |
Type:
CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References: |
https://packetstormsecurity.com/files/172470/CiviCRM-5.59.alpha1-Cross-Site-Scripting.html
https://civicrm.org/
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
