CVE Catalog

CVE-2023-3539

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

23th percentile — higher than 23% of all known CVEs

Summary

A vulnerability has been found in SimplePHPscripts Simple Forum PHP version 2.7 that leads to cross site scripting (XSS) attacks through manipulation of the /preview.php file. The issue affects some unknown processing in the URL Parameter Handler component.

Risk Assessment

An attacker may remotely exploit this vulnerability, posing a risk of session hijacking or data theft.

Recommendation

It is recommended to update to the latest version of SimplePHPscripts Simple Forum PHP and review application security to minimize the risk of XSS.

Original NVD description (English source)

A vulnerability, which was classified as problematic, has been found in SimplePHPscripts Simple Forum PHP 2.7. This issue affects some unknown processing of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-233291.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS