PT-2023-25004 · Unknown · Simplephpscripts Guestbook Script
Skalvin
·
Published
2023-06-30
·
Updated
2024-05-17
·
CVE-2023-3476
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SimplePHPscripts GuestBook Script version 2.2
Description
A vulnerability was found in the SimplePHPscripts GuestBook Script, affecting an unknown part of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely.
Recommendations
For SimplePHPscripts GuestBook Script version 2.2, it is recommended to upgrade the affected component. As a temporary workaround, consider restricting access to the preview.php file until a patch is available. Avoid using the vulnerable URL Parameter Handler component in the preview.php file until the issue is resolved.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Simplephpscripts Guestbook Script