CVE-2019-7660

Name of the Vulnerable Software and Affected Versions PHPMyWind version 5.5

Description A stored Cross-site Scripting (XSS) issue was found. The username parameter of the "/install/index.php" page is vulnerable. This can be demonstrated via the "admin/login.php" page.

Recommendations For PHPMyWind version 5.5, consider restricting access to the "/install/index.php" page and avoid using the username parameter until a fix is available. As a temporary workaround, restrict the use of the vulnerable page to minimize the risk of exploitation.