Cross Site Scripting Vulnerability in PHPJabbers Callback Widget
CVE-2023-36312

5.4 MEDIUM

Key Information:

Vendor: PHPJabbers
CVE Published: 10 August 2023

What is CVE-2023-36312?

A cross-site scripting (XSS) vulnerability has been identified in the value-enum-o_bf_include_timezone parameter of index.php in PHPJabbers Callback Widget v1.0. It can allow attackers to inject malicious scripts into web pages, compromising user data and the integrity of the web application. Developers using this widget are strongly advised to assess their security posture and apply the necessary patches to mitigate the risk of exploitation.

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved