An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1ycTdmLWo2OGYtbXFoM84AA8iV

Severity: Moderate
EPSS: 0.00318% (0.54265 Percentile)

PHP Server Monitor vulnerable to Cross-site Scripting

Affected Package: packagist:phpservermon/phpservermon
Affected Versions: <= 3.2.0
Fixed Versions: 3.3.0
0 Dependent packages
0 Dependent repositories
86 Downloads total

Affected Version Ranges

All affected versions

v3.1.0, v3.1.1, v3.2.0, v3.2.0-rc1

All unaffected versions

v3.2.1, v3.2.2, v3.3.0, v3.3.1, v3.3.2, v3.4.0, v3.4.1, v3.4.2, v3.4.3, v3.4.4, v3.4.5, v3.5.0, v3.5.1, v3.5.2

PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /phpservermon-3.2.0/vendor/phpmailer/phpmailer/test_script/index.php page in all visible parameters. An attacker could create a specially crafted URL, send it to a victim and retrieve their session details.
