XSS redirectUrl/user in TOTVS Fluig 1.6.x-1.8.1 /mobileredir/openApp.jsp
CVE-2023-6275 Published on November 24, 2023
TOTVS Fluig Platform mobileredir openApp.jsp cross site scripting
A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input "><script>alert(document.domain)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.1-231128, 1.8.0-231127 and 1.8.1-231127 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-246104.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update 21 days later.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2023-6275 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2023-6275
Want to know whenever a new CVE is published for Totvs Fluig? stack.watch will email you.
Affected Versions
TOTVS Fluig Platform:- Version 1.6.x is affected.
- Version 1.7.x is affected.
- Version 1.8.0 is affected.
- Version 1.8.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.