PT-2023-8291 · Unknown · Code-Projects Qr Code Generator

Hamdi Sevben · Published 2023-12-28 · Updated 2024-05-17 · CVE-2023-7149

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

code-projects QR Code Generator version 1.0

Description

A problem exists in the code-projects QR Code Generator due to inadequate protection of the web page structure. This issue can be exploited by a remote attacker to conduct a cross-site scripting attack. The vulnerability affects an unknown part of the file /download.php?file=author.png, where the manipulation of the file argument with a specific input can lead to cross-site scripting. The attack can be initiated remotely.

Recommendations

For code-projects QR Code Generator version 1.0, consider disabling access to the /download.php file until a patch is available. As a temporary workaround, restrict the input for the file argument in the /download.php?file=author.png endpoint to prevent cross-site scripting attacks. Avoid using the file argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
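One way to apply the input-restriction workaround, as an added example that is not code from the project or from this advisory: a guard for the file argument that accepts only a plain PNG file name and never writes a rejected value back into the response. The DOWNLOAD_DIR location, the function name validated_download_name() and the PHP 8 runtime are assumptions.

```php
<?php
// Added example, not the project's code. DOWNLOAD_DIR and
// validated_download_name() are hypothetical names; PHP 8.0+ is assumed.
declare(strict_types=1);

const DOWNLOAD_DIR = __DIR__ . '/downloads'; // assumed storage directory

function validated_download_name(mixed $raw): ?string
{
    // ?file[]=x arrives as an array; anything that is not a string is rejected.
    if (!is_string($raw)) {
        return null;
    }
    // Allowlist: a plain PNG file name such as author.png. Markup characters,
    // quotes, slashes, NUL bytes and percent signs cannot match this pattern.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\.png\z/', $raw) !== 1) {
        return null;
    }
    return $raw;
}

$name = validated_download_name($_GET['file'] ?? null);
if ($name === null) {
    // Fixed message only: the rejected value is never echoed to the client.
    http_response_code(400);
    header('Content-Type: text/plain; charset=utf-8');
    exit('Invalid file name.');
}

$path = DOWNLOAD_DIR . '/' . $name;
if (!is_file($path)) {
    http_response_code(404);
    header('Content-Type: text/plain; charset=utf-8');
    exit('Not found.');
}

// Explicit type plus nosniff stops the browser from treating the body as HTML.
header('Content-Type: image/png');
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="' . $name . '"');
header('Content-Length: ' . (string) filesize($path));
readfile($path);
```

If the file name also has to appear inside an HTML page, pass it through htmlspecialchars($name, ENT_QUOTES, 'UTF-8') at the point of output, even after validation.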

Exploit

XSS

Weakness Enumeration

Related Identifiers

BDU:2024-00374
CVE-2023-7149

Affected Products

Code-Projects Qr Code Generator