CVE-2022-4957

Name of the Vulnerable Software and Affected Versions librespeed speedtest versions up to 5.2.4

Description A vulnerability was found in an unknown functionality of the file results/stats.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. Upgrading to version 5.2.5 is able to address this issue.

Recommendations For versions up to 5.2.4, upgrade to version 5.2.5 to address the issue. As a temporary workaround, consider restricting access to the results/stats.php file until the upgrade is applied. Avoid using the id argument in the affected functionality until the issue is resolved.