INCIBEVULNRICHMENT:CVE-2024-5312CVE-2024-5312 Cross-Site Scripting vulnerability in PHP Server Monitor
6.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
5.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /phpservermon-3.2.0/vendor/phpmailer/phpmailer/test_script/index.php page in all visible parameters. An attacker could create a specially crafted URL, send it to a victim and retrieve their session details.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "PHP Server Monitor",
"vendor": "PHP Server Monitor",
"versions": [
{
"status": "affected",
"version": "3,2,0"
}
]
}
]Related
6.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
5.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%