CVE-2023-4592

Name of the Vulnerable Software and Affected Versions WPN-XM Serverstack version 0.8.6

Description A Cross-Site Scripting issue has been detected in WPN-XM Serverstack. This issue could allow a remote attacker to send a specially crafted JavaScript payload through the "/tools/webinterface/index.php" parameter and retrieve the cookie session details of an authenticated user, resulting in a session hijacking.

Recommendations For version 0.8.6, consider disabling access to the "/tools/webinterface/index.php" parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.