CVE-2023-38875

Name of the Vulnerable Software and Affected Versions msaad1999's PHP-Login-System version 2.0.1

Description A reflected cross-site scripting (XSS) issue allows remote attackers to execute arbitrary JavaScript in the web browser of a user. This is achieved by including a malicious payload into the validator parameter in the "/reset-password" API endpoint.

Recommendations For version 2.0.1, as a temporary workaround, consider disabling the /reset-password endpoint until a patch is available. Restrict access to the validator parameter in the /reset-password endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.