CVE-2018-25080

Name of the Vulnerable Software and Affected Versions MobileDetect version 2.8.31

Description A problematic issue has been found in MobileDetect, affecting the initLayoutType function of the examples/session example.php file in the Example component. The manipulation of the argument $ SERVER['PHP SELF'] leads to cross-site scripting. The attack can be initiated remotely, and the exploit has been disclosed to the public.

Recommendations To address this issue, upgrade to version 2.8.32. As a temporary workaround, consider restricting access to the initLayoutType function until the update is applied. Additionally, be cautious when using the $ SERVER['PHP SELF'] argument in the affected component to minimize the risk of exploitation.