Lucene search
INCIBECVELIST:CVE-2024-5312HistoryMay 24, 2024 - 10:38 a.m.
CVE-2024-5312 Cross-Site Scripting vulnerability in PHP Server Monitor
2024-05-2410:38:35
CWE-79
INCIBE
www.cve.org
3
cve-2024-5312
cross-site scripting
php server monitor
phpmailer
test script
session details
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
EPSS
0
Percentile
9.0%
PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /phpservermon-3.2.0/vendor/phpmailer/phpmailer/test_script/index.php page in all visible parameters. An attacker could create a specially crafted URL, send it to a victim and retrieve their session details.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "PHP Server Monitor",
"vendor": "PHP Server Monitor",
"versions": [
{
"status": "affected",
"version": "3,2,0"
}
]
}
]Related
github
github
PHP Server Monitor vulnerable to Cross-site Scripting
2024-05-24 18:45:28
veracode
veracode
Cross-Site Scripting
2024-05-28 04:56:47
cve
cve
CVE-2024-5312
2024-05-24 11:15:10
vulnrichment
vulnrichment
CVE-2024-5312 Cross-Site Scripting vulnerability in PHP Server Monitor
2024-05-24 10:38:35
osv
osv
PHP Server Monitor vulnerable to Cross-site Scripting
2024-05-24 18:45:28
nvd
nvd
CVE-2024-5312
2024-05-24 11:15:10
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
EPSS
0
Percentile
9.0%
Related for CVELIST:CVE-2024-5312