How severe is CVE-2023-48226?

This vulnerability has a severity rating of LOW with a CVSS score of 3.5 out of 10.

What type of vulnerability is CVE-2023-48226?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2023-48226 - LOW Severity | CVSS 3.5

Vulnerability Description

OpenReplay is a self-hosted session replay suite. In version 1.14.0, due to lack of validation Name field - Account Settings (for registration looks like validation is correct), a bad actor can send emails with HTML injected code to the victims. Bad actors can use this to phishing actions for example. Email is really send from OpenReplay, but bad actors can add there HTML code injected (content spoofing). Please notice that during Registration steps for FullName looks like is validated correct - can not type there, but using this kind of bypass/workaround - bad actors can achieve own goal. As of time of publication, no known fixes or workarounds are available.

Related Vulnerabilities

CVE-2016-1763

LOW

CVSS:3.5(Low)

Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a...

CWE-202016

CVE-2016-8535

LOW

CVSS:3.5(Low)

A remote HTTP parameter Pollution vulnerability in HPE Matrix Operating Environment version 7.6 was found.

CWE-202016

CVE-2016-8651

LOW

CVSS:3.5(Low)

An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access t...

CWE-202016

CVE-2017-7517

LOW

CVSS:3.5(Low)

An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject...

CWE-202017

CVE-2019-4271

LOW

CVSS:3.5(Low)

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243.

CWE-202019

CVE-2019-5461

LOW

CVSS:3.5(Low)

An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This ...

CWE-202019