CVE-2023-3789
LowCVSS 3.5Exploitation Probability (EPSS)
Low risk40th percentile — higher than 40% of all known CVEs
Summary
A vulnerability was found in PaulPrinting CMS 2018 that allows cross site scripting (XSS) attacks by manipulating the argument 's' in the /account/delivery file of the Search component. The attack can be executed remotely.
Risk Assessment
This vulnerability may lead to user data theft and session hijacking, posing a serious threat to the application's security and the organization's data.
Recommendation
It is recommended to update PaulPrinting CMS to the latest version to mitigate this vulnerability and implement additional protections against XSS attacks.
Original NVD description (English source)
A vulnerability, which was classified as problematic, was found in PaulPrinting CMS 2018. Affected is an unknown function of the file /account/delivery of the component Search. The manipulation of the argument s leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235056.

