High severity7.3NVD Advisory· Published Dec 22, 2023· Updated Jun 17, 2026
CVE-2023-50924
CVE-2023-50924
Description
Englesystem is a shift planning system for chaos events. Engelsystem prior to v3.4.1 performed insufficient validation of user supplied data for the DECT number, mobile number, and work-log comment fields. The values of those fields would be displayed in corresponding log overviews, allowing the injection and execution of Javascript code in another user's context. This vulnerability enables an authenticated user to inject Javascript into other user's sessions. The injected JS will be executed during normal usage of the system when viewing, e.g., overview pages. This issue has been fixed in version 3.4.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<3.4.1+ 1 more
- (no CPE)range: <3.4.1
- (no CPE)range: < 3.4.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.