CVE-2023-3539
LowCVSS 3.5Exploitation Probability (EPSS)
Low risk23th percentile — higher than 23% of all known CVEs
Summary
A vulnerability has been found in SimplePHPscripts Simple Forum PHP version 2.7 that leads to cross site scripting (XSS) attacks through manipulation of the /preview.php file. The issue affects some unknown processing in the URL Parameter Handler component.
Risk Assessment
An attacker may remotely exploit this vulnerability, posing a risk of session hijacking or data theft.
Recommendation
It is recommended to update to the latest version of SimplePHPscripts Simple Forum PHP and review application security to minimize the risk of XSS.
Original NVD description (English source)
A vulnerability, which was classified as problematic, has been found in SimplePHPscripts Simple Forum PHP 2.7. This issue affects some unknown processing of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-233291.

