CVE-2023-4393

Summary

HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization.

Affected Software

VendorProductVersion RangeStatus
LiquidFiles Pty LtdLiquidFiles0 <= 3.7.13affected

Weaknesses

  • CWE-116: CWE-116 Improper Encoding or Escaping of Output
  • CWE-147: CWE-147: Improper Neutralization of Input Terminators

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References