CVE-2023-4493

Name of the Vulnerable Software and Affected Versions Easy Address Book Web Server version 1.6

Description The issue is a Stored Cross-Site Scripting vulnerability that affects multiple parameters such as firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, and workzip through the users admin.ghp file. This allows a remote attacker to store a malicious JavaScript payload in the application to be executed when the page is loaded, resulting in an integrity impact.

Recommendations For Easy Address Book Web Server version 1.6, consider disabling the users admin.ghp file or restricting access to it until a patch is available. Additionally, restrict the use of the affected parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.