CVE-2023-30417

Name of the Vulnerable Software and Affected Versions Pear-Admin-Boot versions up to 2.0.2

Description A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private message. This enables attackers to potentially manipulate the web application's behavior or steal user data.

Recommendations For Pear-Admin-Boot versions up to 2.0.2, as a temporary workaround, consider restricting the ability to inject payloads into the Title of private messages until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.