CVE-2023-33764 in simpleRedakinfo

Summary

by MITRE • 06/01/2023

eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component #/de/casting/show/detail/.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 01/06/2026

The vulnerability identified as CVE-2023-33764 represents a critical stored cross-site scripting flaw within the simpleRedak content management system developed by eMedia Consulting. This vulnerability specifically affects versions up to v2.47.23.05 and resides within the casting show detail component accessible via the url path #/de/casting/show/detail/. The stored nature of this XSS vulnerability means that malicious input submitted by an attacker can be permanently stored on the server and subsequently executed in the context of other users' browsers when they access the affected page. This creates a persistent threat vector where attackers can inject malicious scripts that execute automatically for unsuspecting users.

The technical flaw manifests through improper input validation and output encoding mechanisms within the casting detail page component. When users submit data through the casting management interface, the application fails to adequately sanitize or escape user-supplied content before storing it in the database. This allows attackers to inject malicious javascript code, html tags, or other malicious payloads that are then rendered when other users view the casting details page. The vulnerability operates at the application layer and leverages the trust relationship between the web application and its users, making it particularly dangerous as it can bypass standard browser security mechanisms.

The operational impact of this vulnerability extends beyond simple script execution, potentially enabling attackers to perform session hijacking, deface the application, steal sensitive user data, or redirect users to malicious websites. An attacker who successfully exploits this vulnerability could gain access to user sessions, modify content, or even escalate privileges within the system. The stored nature of the vulnerability means that the malicious payload persists even after the initial injection, making it particularly dangerous for long-term attacks. This vulnerability affects the integrity and availability of the application, potentially compromising the entire content management system and any associated user data.

Organizations utilizing simpleRedak versions up to v2.47.23.05 should immediately implement mitigations including updating to the latest available version that contains the patched XSS vulnerability. The fix typically involves implementing proper input validation, output encoding, and content security policies to prevent malicious code execution. Additionally, administrators should implement web application firewalls to monitor for suspicious input patterns and conduct thorough security audits of user input handling mechanisms. From a cybersecurity perspective, this vulnerability aligns with CWE-79 which specifically addresses cross-site scripting flaws, and may be categorized under ATT&CK technique T1566 for initial access through malicious content. The vulnerability also represents a failure in secure coding practices and demonstrates the critical importance of input sanitization and output encoding in web applications to prevent such persistent security flaws.

Reservation

05/22/2023

Disclosure

06/01/2023

Moderation

accepted

CPE

ready

EPSS

0.00475

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!