CVE-2023-26445|Frontend themes are defined by... - VULHUB开源网络安全威胁库

Frontend themes are defined by... CVE-2023-26445

- AV AC AU C I A

发布： 2023-08-02

修订： 2024-01-12

Frontend themes are defined by user-controllable jslob settings and could point to a malicious resource which gets processed during login. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. We now sanitize the theme value and use a default fallback if no theme matches. No publicly available exploits are known.

漏洞利用/PoC

当前有1条漏洞利用/PoC

受影响的平台与产品

当前有1条受影响产品信息

您还没有登录，登录后可查看更多

添加资源
收藏资源
问题反馈

贡献用户

暂无贡献用户

VULHUB ™

Frontend themes are defined by... CVE-2023-26445

漏洞利用/PoC

受影响的平台与产品

贡献用户

相关漏洞清单查看更多>

Frontend themes are defined by... CVE-2023-26445

漏洞利用/PoC

受影响的平台与产品

贡献用户

相关漏洞清单 查看更多>

相关漏洞清单查看更多>