Vulnerability CVE-2023-25440


Published: 2023-05-23

Description:
Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field.

See advisories in our WLB2 database:
Topic
Author
Date
Low
CiviCRM 5.59.alpha1 Cross Site Scripting
Andrea Intilange...
20.05.2023

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 References:
https://packetstormsecurity.com/files/172470/CiviCRM-5.59.alpha1-Cross-Site-Scripting.html
https://civicrm.org/

Copyright 2024, cxsecurity.com

 

Back to Top