CVE-2023-7259

Name of the Vulnerable Software and Affected Versions zzdevelop lenosp versions up to 20230831

Description A disputed issue affects an unknown part of the Adduser Page component. The manipulation of the username argument with the input <script>alert(1)</script> leads to cross-site scripting. This can be initiated remotely. The real existence of this issue is still doubted, and the vendor has rejected it, claiming that cross-site scripting requiring administrative privileges is not useful for attackers.

Recommendations At the moment, there is no information about a newer version that contains a fix for this issue.