PT-2023-25524 · Phpjabbers · Phpjabbers Document Creator
Published
2023-08-10
·
Updated
2023-08-11
·
CVE-2023-36309
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
PHPJabbers Document Creator version 1.0
Description
There is a Cross Site Scripting (XSS) issue in the
action parameter of "index.php" in PHPJabbers Document Creator. This allows for potential malicious script execution.Recommendations
For PHPJabbers Document Creator version 1.0, consider restricting access to the "index.php" file or validating and sanitizing the
action parameter to prevent XSS attacks. As a temporary workaround, avoid using the action parameter in the affected endpoint until the issue is resolved.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Phpjabbers Document Creator