CVE-2023-43340
MEDIUMEvolution <3.2.3 - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters
Exploits (1)
nomisec
WRITEUP
by sromanhu · poc
https://github.com/sromanhu/-CVE-2023-43340-Evolution-Reflected-XSS---Installation-Admin-Options
Scores
CVSS v3
5.2
EPSS
0.0126
EPSS Percentile
79.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
evo/evolution_cms
3.2.3
evolutioncms/evolution
0Packagist
Published
Oct 19, 2023
Tracked Since
Feb 18, 2026