CVE-2023-27335

9.6 CRITICAL

📋 TL;DR

This is a cross-site scripting (XSS) vulnerability in Softing edgeAggregator client that allows remote attackers to execute arbitrary scripts. When combined with other vulnerabilities, it can lead to remote code execution with root privileges. Users of affected Softing edgeAggregator installations are at risk.

💻 Affected Systems

Products:
  • Softing edgeAggregator Client
Versions: Specific versions not specified in CVE description, but likely multiple versions prior to patch
Operating Systems: Not specified, likely cross-platform
Default Config Vulnerable: ⚠️ Yes
Notes: User interaction required (visiting malicious page or opening malicious file)

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with root-level code execution, potentially leading to data theft, system takeover, or lateral movement within the network.

🟠 Likely Case

Session hijacking, credential theft, or client-side data manipulation through XSS payloads.

🟢 If Mitigated

Limited to client-side script execution within browser sandbox if proper input validation and output encoding are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires user interaction and combination with other vulnerabilities for full RCE; basic XSS exploitation is simpler.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in available references

Vendor Advisory: https://www.zerodayinitiative.com/advisories/ZDI-23-1057/

Restart Required: Yes

Instructions:

1. Check Softing security advisory for patch details
2. Download and apply latest patch from Softing
3. Restart affected services
4. Verify patch application

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Implement strict input validation and output encoding for all user-supplied parameters

Content Security Policy

all

Implement strict CSP headers to restrict script execution

🧯 If You Can't Patch

  • Isolate affected systems from internet access
  • Implement network segmentation and strict access controls

🔍 How to Verify

Check if Vulnerable:

Check Softing edgeAggregator version against vendor advisory; test input parameters for XSS vulnerabilities

Check Version:

Check application version through admin interface or configuration files

Verify Fix Applied:

Verify patch version is installed and test previously vulnerable parameters

📡 Detection & Monitoring

Log Indicators:

  • Unusual parameter values in web logs
  • Script tags or JavaScript in input parameters

Network Indicators:

  • HTTP requests with suspicious parameter values
  • External script loading attempts

SIEM Query:

web_logs WHERE parameter_value CONTAINS '<script>' OR parameter_value CONTAINS 'javascript:'
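
The query above matches only the literal strings, so it misses percent-encoded or mixed-case values. The following is an added example (not code from Softing or the advisory) that applies the same two markers to query parameters after decoding; the access-log format, paths and parameter names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Same two markers as the SIEM query, matched case-insensitively and
# tolerant of whitespace after "<" or before ":".
MARKERS = re.compile(r"<\s*script|javascript\s*:", re.IGNORECASE)
# Request field of a Common Log Format line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; not taken from any real edgeAggregator log.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /status?view=summary HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "GET /search?q=%3CScRiPt%3Ex%3C/script%3E HTTP/1.1" 200 734',
    '10.0.0.9 - - [01/Jan/2024:10:00:09 +0000] "GET /go?next=javascript%253Avoid(0) HTTP/1.1" 302 0',
]


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return [(param, decoded_value)] for query parameters matching MARKERS."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group(1)).query
    hits = []
    # parse_qsl decodes once; decode_fully handles any further encoding layers.
    for name, value in parse_qsl(query, keep_blank_values=True):
        decoded = decode_fully(value)
        if MARKERS.search(decoded):
            hits.append((name, decoded))
    return hits


if __name__ == "__main__":
    for number, line in enumerate(SAMPLE_LOG, start=1):
        for name, value in suspicious_params(line):
            print(f"line {number}: parameter {name!r} -> {value!r}")
```

Matches are leads for review, not proof of exploitation; request bodies and headers are outside what this check inspects.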
