CVE-2023-49489

Name of the Vulnerable Software and Affected Versions KodExplorer version 4.51

Description A Reflective Cross Site Scripting (XSS) issue allows attackers to obtain sensitive information and escalate privileges via the APP HOST parameter at config/i18n/en/main.php. This can lead to unauthorized access and potential data breaches.

Recommendations For KodExplorer version 4.51, as a temporary workaround, consider restricting access to the APP HOST parameter in the config/i18n/en/main.php file until a patch is available. Avoid using the APP HOST parameter in sensitive operations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.