CVE-2023-54343
Persistent Cross-Site Scripting in QWE DL 2.0.1 Mobile App
Publication date: 2026-02-01
Last updated on: 2026-02-01
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qwe | qwe_dl | to 2.0.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2023-54343 is a persistent cross-site scripting (XSS) vulnerability in the QWE DL 2.0.1 mobile web application. It occurs due to improper input validation of the 'path' parameter, allowing remote attackers to inject malicious script code persistently by manipulating folder path names. This malicious code is stored and executed when users access affected pages, such as index or subfolder interfaces, enabling attackers to perform actions like session hijacking and manipulation of application modules. [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to session hijacking, allowing attackers to take over user sessions. It also enables persistent phishing attacks, external redirects to malicious sites, and manipulation of connected application modules. Overall, it compromises the security and integrity of the application and its users by executing malicious scripts within the app environment. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crafted POST requests to the /create endpoint containing malicious script code in the 'path' parameter. A detection approach involves capturing and inspecting HTTP POST traffic to identify suspicious payloads attempting to inject scripts via the 'path' parameter. For example, using a network tool like curl or a proxy to send or detect such requests: curl -X POST -d 'path=<script>alert(1)</script>' https://target-app/create. Additionally, reviewing application logs for unusual folder creation requests with script tags in the path parameter can help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying input validation and sanitization on the 'path' parameter to prevent script injection. If a patch or update is available from the vendor, apply it promptly. Until a fix is applied, restrict access to the /create endpoint to trusted users or networks, and monitor for suspicious POST requests. Additionally, educating users about the risk and disabling or limiting folder creation functionality may reduce exposure. [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.