HTML Injection Vulnerability in SpringbootCMS 1.0 Allows for Remote Code Execution and Cookie Theft

HTML Injection Vulnerability in SpringbootCMS 1.0 Allows for Remote Code Execution and Cookie Theft

CVE-2023-43191 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

SpringbootCMS 1.0 foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker, such as cookie theft

Learn more about our Cms Pen Testing.