CVE-2023-38876

Name of the Vulnerable Software and Affected Versions PHP-Login-System version 2.0.1

Description A reflected cross-site scripting (XSS) issue allows remote attackers to execute arbitrary JavaScript in a user's web browser. This is achieved by including a malicious payload into the selector parameter in the "/reset-password" API endpoint.

Recommendations For PHP-Login-System version 2.0.1, consider disabling the /reset-password endpoint until a patch is available to prevent exploitation. Restrict access to the selector parameter in the affected endpoint to minimize the risk of arbitrary JavaScript execution. At the moment, there is no information about a newer version that contains a fix for this issue.