CVE Catalog

CVE-2023-3540

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

23th percentile — higher than 23% of all known CVEs

Summary

A vulnerability CVE-2023-3540 was found in SimplePHPscripts NewsLetter Script PHP 2.4, affecting an unknown function in the /preview.php file, which is susceptible to cross site scripting. An attacker can remotely manipulate data, leading to the execution of malicious code.

Risk Assessment

This threat could lead to user data theft or session hijacking, posing a serious risk to the organization's security.

Recommendation

It is recommended to update the script to the latest version to eliminate this vulnerability and implement input sanitization filters.

Original NVD description (English source)

A vulnerability, which was classified as problematic, was found in SimplePHPscripts NewsLetter Script PHP 2.4. Affected is an unknown function of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-233292.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS