CVE-2023-33829
Description
A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS in SCM Manager 1.2-1.60 allows authenticated users with write permissions to inject arbitrary scripts via the Description field.
Vulnerability
SCM Manager versions 1.2 through 1.60 contain a stored cross-site scripting (XSS) vulnerability in the Description text field of repositories, user display names, and groups. An attacker with write permissions can inject malicious scripts that are stored on the server and executed when viewed by other users [2].
Exploitation
An authenticated user with write permissions can inject a payload such as `` into the Description field when creating or editing a repository, user display name, or group. The payload is stored and triggers in the browser of any user viewing the affected entity [2].
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the victim's browser, leading to potential data theft, session hijacking, or defacement [2].
Mitigation
The vulnerability is fixed in SCM Manager versions beyond 1.60. Users should upgrade to the latest version. No workaround is available [2].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Cloudogu GmbH/SCM Manager
- Range: >=1.2, <=1.60
Patches
No patches discovered yet.