CVE Catalog

CVE-2023-3537

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

23th percentile — higher than 23% of all known CVEs

Summary

A vulnerability CVE-2023-3537 has been found in SimplePHPscripts News Script PHP Pro 2.4 affecting the /preview.php file related to URL Parameter Handler. Manipulation of this file leads to cross site scripting (XSS) attacks.

Risk Assessment

An attacker can remotely exploit this vulnerability, potentially leading to user data theft or session hijacking.

Recommendation

It is recommended to update to the latest version of the script to mitigate this vulnerability and implement appropriate security measures against XSS attacks.

Original NVD description (English source)

A vulnerability classified as problematic has been found in SimplePHPscripts News Script PHP Pro 2.4. This affects an unknown part of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-233289 was assigned to this vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS