PT-2023-32651 · Unknown · Voovi Social Networking Script
Rafael Pedrero · Published 2023-11-30 · Updated 2023-12-02 · CVE-2023-6420
CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Voovi Social Networking Script version 1.0
Description
A vulnerability has been reported that allows XSS via the emailadd parameter of the "signup2.php" endpoint. Exploitation of this issue could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an authenticated user.
Recommendations
For Voovi Social Networking Script version 1.0, consider disabling the emailadd parameter in the "signup2.php" endpoint until a patch is available. Restrict access to the "signup2.php" endpoint to minimize the risk of exploitation. Avoid using the emailadd parameter in the affected endpoint until the issue is resolved.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Voovi Social Networking Script