AlexanderLivanov · FotosCMS2 · CVE-2023-5837
**Name of the Vulnerable Software and Affected Versions**
AlexanderLivanov FotosCMS2 versions up to 2.4.3
**Description**
A problematic vulnerability was found in the file `profile.php` of the Cookie Handler component. Manipulation of the `username` argument leads to cross-site scripting. The attack can be initiated remotely.
**Recommendations**
For AlexanderLivanov FotosCMS2 versions up to 2.4.3, consider disabling the `username` argument in the `profile.php` file of the Cookie Handler component as a temporary workaround until a patch is available. Restrict access to `profile.php` to minimize the risk of exploitation.
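The weakness class described above, a cookie-supplied `username` reaching the page as markup, is closed by validating the value on input and encoding it on output. The following is an added example, not FotosCMS2 code: the function names, the allow-list pattern, the length limit and the sample cookie values are all assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; none of these names come from FotosCMS2.

/**
 * Return the cookie-supplied username only if it matches a strict allow-list,
 * otherwise null. The character set and the 32-character limit are assumptions.
 */
function username_from_cookie(array $cookies): ?string
{
    $raw = $cookies['username'] ?? null;
    if (!is_string($raw)) {   // missing value, or an array-style cookie (username[]=...)
        return null;
    }
    return preg_match('/\A[A-Za-z0-9_.-]{1,32}\z/', $raw) === 1 ? $raw : null;
}

/** Encode a value for an HTML text node or a quoted attribute value. */
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render the profile heading; every dynamic value passes through html(). */
function render_profile_header(?string $username): string
{
    if ($username === null) {
        return '<h1>Profile</h1>';   // fall back instead of echoing rejected input
    }
    return '<h1>Profile of ' . html($username) . '</h1>';
}

// Constructed sample cookie jars (not captured traffic).
$samples = [
    ['username' => 'alice_01'],            // accepted and rendered
    ['username' => '<b>not a name</b>'],   // rejected by the allow-list
    ['username' => ['nested']],            // rejected: not a string
    [],                                    // rejected: cookie absent
];
foreach ($samples as $cookies) {
    echo render_profile_header(username_from_cookie($cookies)), PHP_EOL;
}

// Encoding alone already turns markup characters into inert text.
echo html('Tom & "Jerry" <b>'), PHP_EOL;
```

Validation and encoding are kept as separate layers so that a value which passes the allow-list is still encoded where it is written into the page.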