Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.twcert.org.tw/tw/cp-132-7509-5b734-1.html |
History
No history.
MITRE
Status: PUBLISHED
Assigner: twcert
Published: 2023-11-03T04:11:29.131Z
Updated: 2024-09-05T13:59:35.463Z
Reserved: 2023-08-29T00:11:47.811Z
Link: CVE-2023-41343
Vulnrichment
Updated: 2024-08-02T19:01:35.315Z
NVD
Status : Modified
Published: 2023-11-03T05:15:29.583
Modified: 2024-11-21T08:21:06.760
Link: CVE-2023-41343
Redhat
No data.