PT-2023-18819 · Craig Rodway · Classroombookings
Enferas
·
Publicado
2023-01-20
·
Atualizado
2023-01-28
·
CVE-2023-23012
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
craigrodway classroombookings version 2.6.4
Description
The issue is related to a Cross Site Scripting (XSS) vulnerability, which allows attackers to execute arbitrary code or cause other unspecified impacts. This is achieved via the input
bgcol in the file Weeks.php.Recommendations
For version 2.6.4, consider restricting access to the
bgcol input in the Weeks.php file until a patch is available. As a temporary workaround, avoid using the bgcol input to minimize the risk of exploitation.Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Classroombookings