XSS Vulnerability in PHP Server Monitor 3.2.0
CVE-2024-5312

6.3MEDIUM

Key Information:

Vendor: PHP Server Monitor
Status: PHP Server Monitor
Vendor: CVE Published:; 24 May 2024

Summary

PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /phpservermon-3.2.0/vendor/phpmailer/phpmailer/test_script/index.php page in all visible parameters. An attacker could create a specially crafted URL, send it to a victim and retrieve their session details.

Affected Version(s)

PHP Server Monitor 3,2,0

References

https://www.incibe.es/en/incibe-cert/notices/aviso/cross-...

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 24, 2024
Vulnerability Reserved
May 24, 2024

Credit

Rafael Pedrero