Platform
php
Component
cve_hub
Fixed in
1.0.1
CVE-2023-5698 is a problematic cross-site scripting (XSS) vulnerability discovered in CodeAstro Internet Banking System version 1.0. This flaw allows attackers to inject malicious scripts into the application, potentially stealing user credentials or performing unauthorized actions. The vulnerability impacts the pagesdepositmoney.php file and is fixed in version 1.0.1.
An attacker can exploit this XSS vulnerability by injecting malicious JavaScript code through the accountnumber parameter in the pagesdeposit_money.php file. Successful exploitation allows the attacker to execute arbitrary code within the context of the user's browser session. This could lead to the theft of sensitive information like login credentials, session cookies, and financial data. The attacker could also redirect users to phishing sites or deface the website. Given the nature of internet banking systems, the potential impact is significant, potentially leading to financial loss and reputational damage for the affected organization.
This vulnerability has been publicly disclosed and a proof-of-concept may be available. The CVSS score is LOW (3.5), suggesting that exploitation may require specific conditions or user interaction. It is not currently listed on the CISA KEV catalog. Further monitoring is recommended to assess the likelihood of active exploitation.
Exploit Status
EPSS
0.07% (22% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2023-5698 is to upgrade to version 1.0.1 of CodeAstro Internet Banking System. If upgrading immediately is not possible, implement input validation and sanitization on the accountnumber parameter to prevent the injection of malicious code. This should include strict whitelisting of allowed characters and escaping any potentially dangerous characters. Consider implementing a Web Application Firewall (WAF) with rules to detect and block XSS attempts targeting the pagesdeposit_money.php file. Regularly scan the application for XSS vulnerabilities using automated tools.
Update to a patched version of the Internet Banking System. If no version is available, filter user input in the `account_number` parameter in the `pages_deposit_money.php` file to prevent the execution of malicious JavaScript code. Implement input validation and sanitization to prevent XSS attacks.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2023-5698 is a cross-site scripting (XSS) vulnerability in CodeAstro Internet Banking System 1.0, allowing attackers to inject malicious scripts.
You are affected if you are using CodeAstro Internet Banking System version 1.0. Upgrade to 1.0.1 to resolve the issue.
Upgrade to version 1.0.1. Implement input validation and sanitization as a temporary workaround.
The vulnerability has been publicly disclosed, and exploitation is possible. Monitor for suspicious activity.
Refer to CodeAstro's official website or security advisories for the latest information regarding CVE-2023-5698.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.