PT-2025-51300 · Unknown · @Lex Guestbook

Cracker · Published 2025-12-15 · Updated 2025-12-21 · CVE-2023-53882

CVSS v4.0: 5.1 Medium

Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions: JLex GuestBook version 1.6.4

Description: The software contains a reflected cross-site scripting issue in the q URL parameter. This allows attackers to inject malicious scripts. Attackers can create malicious links with XSS payloads to potentially steal session tokens or execute arbitrary JavaScript in a victim's browser.

Recommendations: Update JLex GuestBook to a newer version that addresses this issue. As a temporary workaround, sanitize the q URL parameter to prevent the injection of malicious scripts.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2023-53882

Affected Products: @Lex Guestbook