CVE-2023-4496

Name of the Vulnerable Software and Affected Versions Easy Chat Server versions 3.1 and earlier

Description The issue arises from insufficient encryption of user-controlled inputs, leading to a Cross-Site Scripting (XSS) vulnerability. This vulnerability is stored via the "/body2.ghp" API endpoint using the POST method, specifically in the mtowho parameter.

Recommendations For Easy Chat Server versions 3.1 and earlier, as a temporary workaround, consider restricting access to the "/body2.ghp" API endpoint until a patch is available. Additionally, avoid using the mtowho parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.