PT-2023-32650 · Unknown · Voovi Social Networking Script

Rafael Pedrero · Published 2023-11-30 · Updated 2023-12-02 · CVE-2023-6419

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Voovi Social Networking Script version 1.0

Description

A vulnerability has been reported that allows XSS via multiple parameters of editprofile.php. Exploitation of this issue could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an authenticated user.

Recommendations

For Voovi Social Networking Script version 1.0, consider restricting access to the editprofile.php page until a patch is available. As a temporary workaround, avoid using the vulnerable parameters in the editprofile.php endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-6419

Affected Products

Voovi Social Networking Script