logo

Database

Server side cross-site scripting In evolutioncms/evolution

Description

Evolution CMS Cross-site Scripting vulnerability Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected uid parameter.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2023-433412. NVD-2023-433413. OSV-2023-433414. GCVE-2023-43341

References

1. https://github.com/sromanhu/CVE-2023-43341-Evolution-Reflected-XSS---Installation-Connection-2. https://github.com/sromanhu/Evolution-Reflected-XSS---Installation-Connection-

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.