CVE-2023-36314
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Aug 10, 2023
Updated: Nov 7, 2023
CWE ID 79
Summary
CVE-2023-36314 represents a Cross-Site Scripting (XSS) vulnerability in the PHPJabbers Callback Widget v1.0. The issue lies within the value-text-o_sms_email_request_message parameters of index.php. An attacker can exploit this vulnerability by injecting malicious scripts into the webpage, which could lead to theft of user data or session hijacking when a user visits a specially crafted malicious website. Successful exploitation relies on the victim interacting with the affected page, making this a significant security concern.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- PHPJabbers