CVE-2023-4870
CVSS 3.1 Score 4.7 of 10 (medium)
Details
Summary
CVE-2023-4870 is a newly disclosed vulnerability affecting SourceCodester Contact Manager App 1.0. The issue lies in the Contact Information Handler component of the index.php file. A cross-site scripting (XSS) vulnerability has been identified, which can be triggered by manipulating the contactID argument with the input "<sCrIpT>alert(1)</ScRiPt>". This vulnerability allows attackers to inject malicious scripts into a user's browser, potentially stealing sensitive information or gaining unauthorized access. The exploit is publicly known and can be initiated remotely, posing a significant risk to users.
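Added example (not the application's code, which this page does not show): one way a PHP handler can treat a contactID parameter so that the string quoted above is rejected on input and rendered inert on output. The helper names parse_contact_id, h and naive_strip are hypothetical, and the case-sensitive blocklist is included only for contrast; the page does not say whether the application uses one.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; the application's real index.php is not shown on this page.

/** Allowlist check: accept only a positive decimal integer, otherwise null. */
function parse_contact_id(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null; // arrays (contactID[]=...) and missing values are rejected
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Encode a value for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Case-sensitive blocklist, shown only to illustrate why it is not a fix. */
function naive_strip(string $value): string
{
    return str_replace(['<script>', '</script>'], '', $value);
}

// Constructed sample inputs, including the mixed-case string from the summary.
$samples = ['42', '<sCrIpT>alert(1)</ScRiPt>', '7 OR 1=1', ''];

foreach ($samples as $raw) {
    $id = parse_contact_id($raw);
    printf(
        "input=%s\n  blocklist -> %s\n  validated -> %s\n  encoded   -> %s\n",
        var_export($raw, true),
        naive_strip($raw),               // mixed-case tags pass through unchanged
        $id === null ? 'rejected (HTTP 400)' : (string) $id,
        h($raw)                          // safe to echo even if validation is skipped
    );
}
```

Run from the PHP 8 command line, only the input 42 passes validation; the mixed-case string survives the blocklist untouched but is turned into inert text by the encoder.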