CVE-2023-36138

Name of the Vulnerable Software and Affected Versions PHPJabbers Cleaning Business Software version 1.0

Description The issue is related to Cross Site Scripting (XSS) via the theme parameter of the "preview.php" endpoint. This allows for potential malicious script injection. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For PHPJabbers Cleaning Business Software version 1.0, consider restricting access to the "preview.php" endpoint until a patch is available. As a temporary workaround, avoid using the theme parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.