Lucene search

MitreVULNRICHMENT:CVE-2023-48985

HistoryFeb 14, 2024 - 12:00 a.m.

CVE-2023-48985

2024-02-1400:00:00

mitre

github.com

cu solutions group

content management system

xss vulnerability

remote attacker

arbitrary code

privilege escalation

sensitive information

AI Score

6.2

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the login.php component.

References

www.lmgsecurity.com/news/critical-software-vulnerabilities-impacting-credit-unions-discovered-by-lmg-security-researcher-immediate-action-recommended/