Platform
php
Component
cve_hub
Fixed in
1.0.1
CVE-2023-5696 is a cross-site scripting (XSS) vulnerability affecting CodeAstro Internet Banking System versions 1.0 through 1.0. This vulnerability allows an attacker to inject malicious scripts into the application, potentially stealing user credentials or performing unauthorized actions. A fix is available in version 1.0.1, and users are strongly encouraged to upgrade immediately.
The XSS vulnerability in CodeAstro Internet Banking System allows an attacker to inject arbitrary JavaScript code into the application's web pages. This can be exploited to steal sensitive user data, such as login credentials, financial information, and personal details. An attacker could also use this vulnerability to redirect users to malicious websites, deface the application, or launch further attacks against the system. The impact is particularly severe given the sensitive nature of internet banking applications and the potential for financial loss.
This vulnerability has been publicly disclosed, and a proof-of-concept exploit is available. The CVSS score is LOW (3.5), indicating a relatively low probability of exploitation in a standard environment. It was published on 2023-10-22. Active exploitation is possible given the public availability of the exploit.
Exploit Status
EPSS
0.09% (26% percentile)
CVSS Vector
The primary mitigation for CVE-2023-5696 is to upgrade to CodeAstro Internet Banking System version 1.0.1 or later. If upgrading is not immediately possible, consider implementing input validation and output encoding on the accountnumber parameter in pagestransfer_money.php. Web application firewalls (WAFs) configured to detect and block XSS attacks can also provide a temporary layer of protection. Regularly review and update security policies and procedures to prevent similar vulnerabilities in the future.
Update to a patched version of the Internet Banking System. If no version is available, sanitize the input of the `account_number` parameter in the `pages_transfer_money.php` file to prevent JavaScript code injection. Use XSS-specific escaping functions when displaying data on the page.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2023-5696 is a cross-site scripting (XSS) vulnerability in CodeAstro Internet Banking System versions 1.0-1.0, allowing attackers to inject malicious scripts.
Yes, if you are using CodeAstro Internet Banking System version 1.0, you are affected by this vulnerability.
Upgrade to CodeAstro Internet Banking System version 1.0.1 or later. Implement input validation and output encoding as a temporary workaround.
The vulnerability has been publicly disclosed and a proof-of-concept exploit is available, indicating a potential for active exploitation.
Refer to the CodeAstro website or security advisories for the official advisory regarding CVE-2023-5696.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.