CVE Catalog

CVE-2023-3784

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.51%

39th percentile — higher than 39% of all known CVEs

Summary

A vulnerability was found in Dooblou WiFi File Explorer version 1.13.3 that leads to cross-site scripting (XSS) attacks through manipulation of the search, order, download, or mode arguments. The attack can be launched remotely.

Risk Assessment

This vulnerability may allow attackers to inject malicious JavaScript code, potentially leading to user data theft or session hijacking. The public disclosure of the exploit increases the risk of this vulnerability being exploited.

Recommendation

It is recommended to update Dooblou WiFi File Explorer to the latest version to mitigate this vulnerability. Additionally, monitor application logs for suspicious activities.

Original NVD description (English source)

A vulnerability was found in Dooblou WiFi File Explorer 1.13.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument search/order/download/mode leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235051.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS