CVE-2023-3144
LowCVSS 3.5Exploitation Probability (EPSS)
Low risk46th percentile — higher than 46% of all known CVEs
Summary
A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0 that allows cross site scripting (XSS) attacks through manipulation of the 'title' argument in the admin/posts/manage_post.php file. The attack can be launched remotely.
Risk Assessment
This vulnerability poses a risk to organizations as it allows remote attackers to inject malicious code into the application, potentially leading to user data theft or session hijacking.
Recommendation
It is recommended to update to the latest version of the software and implement input filtering and validation to minimize the risk of XSS attacks.
Original NVD description (English source)
A vulnerability classified as problematic was found in SourceCodester Online Discussion Forum Site 1.0. Affected by this vulnerability is an unknown functionality of the file admin\posts\manage_post.php. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231013 was assigned to this vulnerability.

