PT-2023-27617 · Phpjabbers · Phpjabbers Make An Offer Widget
Published
2023-08-28
·
Updated
2023-08-29
·
CVE-2023-40752
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
PHPJabbers Make an Offer Widget version 1.0
Description
There is a Cross Site Scripting (XSS) issue in the
action parameter of the "index.php" file. This allows for potential malicious script execution.Recommendations
For PHPJabbers Make an Offer Widget version 1.0, consider disabling the
action parameter in the index.php file until a patch is available. Restrict access to the index.php file to minimize the risk of exploitation. Avoid using the action parameter in the affected endpoint until the issue is resolved.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Phpjabbers Make An Offer Widget