CVE-2013-5955

Name of the Vulnerable Software and Affected Versions com pbbooking version 2.4

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved by manipulating an arbitrary parameter in an edit action to administrator/index.php.

Recommendations For version 2.4, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the manage.php file in the com pbbooking component to minimize the risk of exploitation. Avoid using arbitrary parameters in the edit action to administrator/index.php until the issue is resolved.