CVE-2023-0840

Name of the Vulnerable Software and Affected Versions PHPCrazy version 1.1.1

Description A problematic vulnerability was found in PHPCrazy, affecting the file "admin/admin.php?action=users&mode=info&user=2". The manipulation of the username argument leads to cross-site scripting. The attack can be initiated remotely.

Recommendations For PHPCrazy version 1.1.1, as a temporary workaround, consider restricting access to the "admin/admin.php?action=users&mode=info&user=2" endpoint until a patch is available. Avoid using the username argument in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.