CVE-2023-27121

Name of the Vulnerable Software and Affected Versions Pleasant Password Server version 7.11.41.0

Description A cross-site scripting (XSS) issue exists in the /framework/cron/action/humanize component, allowing attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the cronString parameter.

Recommendations For version 7.11.41.0, consider disabling access to the /framework/cron/action/humanize component until a patch is available. As a temporary workaround, restrict the use of the cronString parameter in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.