Vulnerability Description
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue is fixed in version v2.3.7 of iris-web. No known workarounds are available.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dfir-Iris | Iris | < 2.3.7 |
Related Weaknesses (CWE)
References
- https://github.com/dfir-iris/iris-web/releases/tag/v2.3.7Release Notes
- https://github.com/dfir-iris/iris-web/security/advisories/GHSA-593r-747g-p92pVendor Advisory
- https://github.com/dfir-iris/iris-web/releases/tag/v2.3.7Release Notes
- https://github.com/dfir-iris/iris-web/security/advisories/GHSA-593r-747g-p92pVendor Advisory
FAQ
What is CVE-2023-50712?
CVE-2023-50712 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-w...
How severe is CVE-2023-50712?
CVE-2023-50712 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-50712?
Check the references section above for vendor advisories and patch information. Affected products include: Dfir-Iris Iris.