CVE-2002-2044

Name of the Vulnerable Software and Affected Versions x-stat versions 2.3 and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a parameter to the 'phpinfo' action. This can be exploited by sending a malicious request to the vulnerable API endpoint.

Recommendations For versions 2.3 and earlier, as a temporary workaround, consider restricting access to the 'x stat admin.php' file until a patch is available. Avoid using the parameter related to the 'phpinfo' action in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.