PT-2026-2431 · Webgrind · Webgrind

Rafael Pedrero · Published 2026-01-13 · Updated 2026-01-14 · CVE-2023-54341

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions
Webgrind versions 1.1 and earlier

Description
The application does not adequately encode user-supplied data, enabling unauthenticated attackers to inject malicious scripts through the file parameter in the 'index.php' file. This allows attackers to execute arbitrary JavaScript in a victim's browser by creating malicious URLs. The affected API endpoint is 'index.php'. The vulnerable parameter is file.

Recommendations
Versions prior to 1.1 should be updated.
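
For reviewing web server logs against this issue, the following is an added example (not part of the original advisory and not Webgrind code): it flags requests to index.php whose file parameter contains HTML metacharacters after percent-decoding, including double-encoded values. The access-log format, the /webgrind/ path, the sample lines and the assumption that legitimate file values are plain file names are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request portion of a common/combined access-log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let a reflected value leave HTML text or attribute context.
# Assumption: a legitimate file value is a plain file name and never needs them.
HTML_META = set('<>"\'`')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is inspected too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_requests(log_lines):
    """Return (line_number, decoded file value) for suspicious index.php requests."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.endswith("/index.php"):
            continue
        # parse_qs performs the first round of decoding on each value.
        for raw in parse_qs(target.query, keep_blank_values=True).get("file", []):
            value = decode_fully(raw)
            if HTML_META & set(value):
                hits.append((lineno, value))
    return hits

# Constructed sample lines (documentation addresses, harmless markup as a marker).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Jan/2026:10:00:01 +0000] "GET /webgrind/index.php?file=%2Ftmp%2Fcachegrind.out.4242 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [14/Jan/2026:10:02:17 +0000] "GET /webgrind/index.php?file=%3Cb%3Eprobe%3C%2Fb%3E HTTP/1.1" 200 731',
    '192.0.2.77 - - [14/Jan/2026:10:02:19 +0000] "GET /webgrind/index.php?file=%253Ci%253Eprobe%253C%252Fi%253E HTTP/1.1" 200 731',
    '192.0.2.10 - - [14/Jan/2026:10:05:40 +0000] "GET /webgrind/styles/style.css?file=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for lineno, value in flag_requests(SAMPLE_LOG):
        print(f"line {lineno}: file={value!r}")
```

A hit shows that markup was sent in the parameter, not that it was reflected unencoded; confirm against the deployed Webgrind version.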

Exploit

Fix

XSS
