CVE Catalog

CVE-2023-3535

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

23th percentile — higher than 23% of all known CVEs

Summary

A vulnerability was found in SimplePHPscripts FAQ Script PHP 2.3, affecting an unknown functionality of the file /preview.php in the URL Parameter Handler component. The manipulation leads to cross site scripting.

Risk Assessment

An attacker can remotely exploit this vulnerability, potentially leading to user data theft or session hijacking.

Recommendation

It is recommended to update the script to the latest version and implement input data filtering to minimize the risk of XSS attacks.

Original NVD description (English source)

A vulnerability was found in SimplePHPscripts FAQ Script PHP 2.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-233287.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS