Описание
PHP Server Monitor vulnerable to Cross-site Scripting
PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /phpservermon-3.2.0/vendor/phpmailer/phpmailer/test_script/index.php page in all visible parameters. An attacker could create a specially crafted URL, send it to a victim and retrieve their session details.
Пакеты
Наименование
phpservermon/phpservermon
composer
Затронутые версииВерсия исправления
<= 3.2.0
3.3.0
Связанные уязвимости
CVSS3: 6.3
nvd
больше 1 года назад
PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /phpservermon-3.2.0/vendor/phpmailer/phpmailer/test_script/index.php page in all visible parameters. An attacker could create a specially crafted URL, send it to a victim and retrieve their session details.