CVE-2023-5695

Name of the Vulnerable Software and Affected Versions CodeAstro Internet Banking System version 1.0

Description A cross-site scripting issue was found in the CodeAstro Internet Banking System, affecting an unknown functionality of the file pages reset pwd.php. The manipulation of the email argument with a malicious input, such as testing%40example.com'%26%25<ScRiPt%20>alert(9860)</ScRiPt>, leads to cross-site scripting. This issue can be exploited remotely.

Recommendations For CodeAstro Internet Banking System version 1.0, as a temporary workaround, consider restricting access to the pages reset pwd.php file until a patch is available. Avoid using the email argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.