CVE-2023-27925

Summary

Cross-site scripting vulnerability in Post function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script.

Affected Software

VendorProductVersion RangeStatus
Vektor,Inc.VK Blocks and VK Blocks ProVK Blocks 1.53.0.1 and earlier, and VK Blocks Pro 1.53.0.1 and earlieraffected

Weaknesses

  • Cross-site scripting

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References