CVE-2024-5312 Cross-Site Scripting vulnerability in PHP Server Monitor

2024-05-2410:38:35

CWE-79

INCIBE

www.cve.org

cve-2024-5312

cross-site scripting

php server monitor

phpmailer

test script

session details

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

0.0004 Low

EPSS

Percentile

9.0%

JSON

PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /phpservermon-3.2.0/vendor/phpmailer/phpmailer/test_script/index.php page in all visible parameters. An attacker could create a specially crafted URL, send it to a victim and retrieve their session details.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PHP Server Monitor",
    "vendor": "PHP Server Monitor",
    "versions": [
      {
        "status": "affected",
        "version": "3,2,0"
      }
    ]
  }
]