CVE-2023-7076

Summary

A vulnerability was found in slawkens MyAAC up to 0.8.13. It has been declared as problematic. This vulnerability affects unknown code of the file system/pages/bugtracker.php. The manipulation of the argument bug[2]['subject']/bug[2]['text']/report['subject'] leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.14 is able to address this issue. The name of the patch is 83a91ec540072d319dd338abff45f8d5ebf48190. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248848.

Affected Software

VendorProductVersion RangeStatus
slawkensMyAAC0.8.0affected
slawkensMyAAC0.8.1affected
slawkensMyAAC0.8.2affected
slawkensMyAAC0.8.3affected
slawkensMyAAC0.8.4affected
slawkensMyAAC0.8.5affected
slawkensMyAAC0.8.6affected
slawkensMyAAC0.8.7affected
slawkensMyAAC0.8.8affected
slawkensMyAAC0.8.9affected
slawkensMyAAC0.8.10affected
slawkensMyAAC0.8.11affected
slawkensMyAAC0.8.12affected
slawkensMyAAC0.8.13affected

Weaknesses

  • CWE-79: CWE-79 Cross Site Scripting

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References