PT-2023-28828 · Unknown · Service Provider Management System

Oretnom23 · Published 2023-09-25 · Updated 2023-09-25 · CVE-2023-43456

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Service Provider Management System version 1.0

Description

A Cross Site Scripting issue allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename, and lastname parameters in the "/php-spms/admin/?page=user" endpoint.

Recommendations

For Service Provider Management System version 1.0, consider disabling access to the "/php-spms/admin/?page=user" endpoint until a patch is available. As a temporary workaround, restrict the use of the firstname, middlename, and lastname parameters in this endpoint to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2023-43456

Affected products

Service Provider Management System