CVE-2023-3970
LowCVSS 3.5Exploitation Probability (EPSS)
Low risk39th percentile — higher than 39% of all known CVEs
Summary
A vulnerability was found in GZ Scripts Availability Booking Calendar PHP 1.0 that allows cross site scripting (XSS) attacks through manipulation of the img argument in the file /index.php?controller=GzUser&action=edit&id=1. The attack can be initiated remotely.
Risk Assessment
This vulnerability poses a risk of exploitation by malicious users to inject scripts, potentially leading to data theft or session hijacking.
Recommendation
It is recommended to update the component to the latest version and implement input data filtering to minimize the risk of XSS attacks.
Original NVD description (English source)
A vulnerability, which was classified as problematic, was found in GZ Scripts Availability Booking Calendar PHP 1.0. This affects an unknown part of the file /index.php?controller=GzUser&action=edit&id=1 of the component Image Handler. The manipulation of the argument img leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235569 was assigned to this vulnerability.

