CVE-2023-3970

Name of the Vulnerable Software and Affected Versions GZ Scripts Availability Booking Calendar PHP version 1.0

Description A problematic issue was found in the Image Handler component, affecting the /index.php?controller=GzUser&action=edit&id=1 file. The manipulation of the img argument leads to cross-site scripting. This issue can be exploited remotely.

Recommendations For GZ Scripts Availability Booking Calendar PHP version 1.0, consider disabling the img argument in the /index.php?controller=GzUser&action=edit&id=1 file as a temporary workaround until a patch is available. Restrict access to the Image Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.