Platform
php
Component
cve_hub
Fixed in
1.0.1
CVE-2023-5697 is a problematic cross-site scripting (XSS) vulnerability affecting CodeAstro Internet Banking System versions 1.0 through 1.0. This flaw allows attackers to inject malicious scripts into the application, potentially compromising user accounts and sensitive data. A fix is available in version 1.0.1, and the vulnerability details have been publicly disclosed.
The vulnerability lies within the pageswithdrawmoney.php file, specifically in how it handles the accountnumber parameter. An attacker can craft a malicious URL containing a specially crafted accountnumber value (e.g., 287359614--><ScRiPt>alert(1234)</ScRiPt><!--) that, when processed by the application, will execute arbitrary JavaScript code in the user's browser. This could lead to session hijacking, redirection to phishing sites, or the theft of sensitive information like login credentials and financial details. The impact is particularly severe given the context of an internet banking system, where users entrust sensitive financial data.
This vulnerability has been publicly disclosed, increasing the likelihood of exploitation. While the CVSS score is LOW, the potential impact on users of an internet banking system is significant. No KEV listing or active exploitation campaigns are currently known, but the public disclosure makes it a priority for remediation. The vulnerability was published on 2023-10-22.
Exploit Status
EPSS
0.07% (22% percentile)
CISA SSVC
CVSS Vector
The primary mitigation is to upgrade to version 1.0.1 of CodeAstro Internet Banking System, which contains the fix for this vulnerability. If upgrading immediately is not possible, consider implementing input validation and sanitization on the accountnumber parameter to prevent the injection of malicious scripts. Web application firewalls (WAFs) configured to detect and block XSS payloads can provide an additional layer of defense. Monitor application logs for suspicious activity, particularly requests containing unusual characters or patterns in the accountnumber parameter.
Update to a patched version of the CodeAstro Internet Banking System. Contact the vendor for the corrected version or apply necessary security measures to prevent code injection (XSS) in the account_number field of the pages_withdraw_money.php file. Validate and escape user inputs to prevent the execution of malicious scripts.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2023-5697 is a cross-site scripting (XSS) vulnerability in CodeAstro Internet Banking System versions 1.0-1.0, allowing attackers to inject malicious scripts.
Yes, if you are using CodeAstro Internet Banking System version 1.0 or 1.0, you are potentially affected by this vulnerability.
Upgrade to version 1.0.1 of CodeAstro Internet Banking System to remediate the vulnerability. Implement input validation and WAF rules as temporary measures.
While no active exploitation campaigns are currently known, the vulnerability has been publicly disclosed, increasing the risk of exploitation.
Refer to CodeAstro's official website or security advisory channels for the latest information and updates regarding CVE-2023-5697.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.