CVE-2024-6082

Name of the Vulnerable Software and Affected Versions: PHPVibe version 11.0.46

Description: A problematic issue has been found in the Global Options Page component, specifically in the file functionalities.global.php. The manipulation of the site-logo-text argument leads to cross-site scripting. This issue can be exploited remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations: For PHPVibe version 11.0.46, as a temporary workaround, consider restricting access to the Global Options Page or disabling the manipulation of the site-logo-text argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.