PT-2025-51965 · Phpjabbers · Phpjabbers Simple Cms
Published: 2025-12-17 · Updated: 2025-12-20 · CVE-2023-53927
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
PHPJabbers Simple CMS version 5.0
Description
The software contains a stored cross-site scripting (XSS) issue in the section name parameter. An authenticated attacker can create a section whose name embeds a JavaScript payload; the payload is stored and executes when an administrator views the sections, potentially enabling client-side code execution.
Recommendations
Apply any available updates to address the issue. As a temporary workaround, sanitize all user-supplied input for the section name parameter to prevent the injection of malicious scripts.
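The workaround above, sketched as an added example (not PHPJabbers code): the section name is validated when it is saved and HTML-encoded wherever it is rendered. The function names, the 64-character allowlist policy and the table markup are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: none of these names come from PHPJabbers Simple CMS.

/** Input check at write time: reject names that are not plain labels. */
function validate_section_name(string $name): string
{
    $name = trim($name);
    // Assumed policy: 1-64 chars of letters, digits, space, dash, underscore.
    // Invalid UTF-8 makes preg_match() return false, which is also rejected.
    if (!preg_match('/\A[\p{L}\p{N} _-]{1,64}\z/u', $name)) {
        throw new InvalidArgumentException('Invalid section name');
    }
    return $name;
}

/** Output encoding at render time, for HTML text and quoted attribute values. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Renders one row of an admin section list; every dynamic value is encoded. */
function render_section_row(int $id, string $name): string
{
    return sprintf(
        '<tr><td>%d</td><td title="%s">%s</td></tr>',
        $id, e($name), e($name)
    );
}

// Constructed sample input: a legitimate name and a script-bearing one.
$samples = ['Home page', '<script>alert(1)</script>'];

foreach ($samples as $i => $raw) {
    try {
        $stored = validate_section_name($raw);
        echo "accepted: ", $stored, PHP_EOL;
    } catch (InvalidArgumentException $ex) {
        echo "rejected at input: ", e($raw), PHP_EOL;
    }
    // Rows stored before the input check existed still render inertly,
    // because encoding happens on output whatever the database holds.
    echo render_section_row($i + 1, $raw), PHP_EOL;
}
```

Encoding on output is the control that neutralizes names already stored in the database; the input check only stops new ones from being saved.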
Affected Products
Phpjabbers Simple Cms