CVE Catalog

CVE-2023-4534

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.49%

38th percentile — higher than 38% of all known CVEs

Summary

A vulnerability was found in the NeoMind Fusion Platform up to version 20230731, allowing cross site scripting (XSS) attacks through manipulation of the link argument in the /fusion/portal/action/Link file. The attack can be executed remotely.

Risk Assessment

This vulnerability may lead to unauthorized access to user data and allow attackers to execute malicious code in the victim's browser context.

Recommendation

It is recommended to update the NeoMind Fusion Platform to the latest version to mitigate this vulnerability and to monitor systems for potential XSS attacks.

Original NVD description (English source)

A vulnerability, which was classified as problematic, was found in NeoMind Fusion Platform up to 20230731. Affected is an unknown function of the file /fusion/portal/action/Link. The manipulation of the argument link leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238026 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS