CVE-2023-27925 Information

Description

Cross-site scripting vulnerability in Post function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script.

Reference

https://www.vektor-inc.co.jp/product-update/vk-blocks-exunit-xss/ https://jvn.jp/en/jp/JVN95792402/