JavaScript Injection and Privilege Escalation in Pacparser before 1.4.2

JavaScript Injection and Privilege Escalation in Pacparser before 1.4.2

CVE-2023-37360 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products).

Learn more about our Web Application Penetration Testing UK.