PT-2023-27814 · Unknown · Php Jabbers Service Booking Script
Skalvin
·
Published
2023-08-03
·
Updated
2024-05-17
·
CVE-2023-4113
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
PHP Jabbers Service Booking Script version 1.0
Description
A vulnerability was found in the PHP Jabbers Service Booking Script, affecting unknown code of the file /index.php. The manipulation of the
index argument leads to cross-site scripting. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.Recommendations
For PHP Jabbers Service Booking Script version 1.0, consider disabling access to the /index.php file until a patch is available. As a temporary workaround, restrict the manipulation of the
index argument to minimize the risk of cross-site scripting exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Php Jabbers Service Booking Script