CVE-2023-3784
LowCVSS 3.5Exploitation Probability (EPSS)
Low risk39th percentile — higher than 39% of all known CVEs
Summary
A vulnerability was found in Dooblou WiFi File Explorer version 1.13.3 that leads to cross-site scripting (XSS) attacks through manipulation of the search, order, download, or mode arguments. The attack can be launched remotely.
Risk Assessment
This vulnerability may allow attackers to inject malicious JavaScript code, potentially leading to user data theft or session hijacking. The public disclosure of the exploit increases the risk of this vulnerability being exploited.
Recommendation
It is recommended to update Dooblou WiFi File Explorer to the latest version to mitigate this vulnerability. Additionally, monitor application logs for suspicious activities.
Original NVD description (English source)
A vulnerability was found in Dooblou WiFi File Explorer 1.13.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument search/order/download/mode leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235051.

