CVE-2023-38582 Information

Description

UNSUPPPORTED WHEN ASSIGNED

Persistent cross-site scripting (XSS) in the web application of MOD3GP-SY-120K allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the field MAIL_RCV. When a legitimate user attempts to access to the vulnerable page of the web application the XSS payload will be executed.

Reference

https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03