CVE-2023-3642

Name of the Vulnerable Software and Affected Versions GZ Scripts Vacation Rental Website version 1.8

Description A vulnerability was found in the HTTP POST Request Handler component, affecting some unknown functionality of the file /VacationRentalWebsite/property/8/ad-has-principes/. The manipulation of the username, title, or comment arguments leads to cross-site scripting. The attack may be launched remotely.

Recommendations For GZ Scripts Vacation Rental Website version 1.8, consider disabling the HTTP POST Request Handler component or restricting access to the /VacationRentalWebsite/property/8/ad-has-principes/ file until a patch is available. Avoid using the username, title, or comment arguments in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.