CVE Catalog

CVE-2023-3538

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

22th percentile — higher than 22% of all known CVEs

Summary

A vulnerability was found in SimplePHPscripts Photo Gallery PHP 2.0 that allows cross site scripting (XSS) attacks through manipulation of code in the /preview.php file. The attack can be initiated remotely.

Risk Assessment

This vulnerability may lead to user data theft or session hijacking, posing a serious threat to the security of the application and its users.

Recommendation

It is recommended to update to the latest version of the software and implement input data filtering to prevent XSS attacks.

Original NVD description (English source)

A vulnerability classified as problematic was found in SimplePHPscripts Photo Gallery PHP 2.0. This vulnerability affects unknown code of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-233290 is the identifier assigned to this vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS