CVE Catalog

CVE-2023-3970

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.50%

39th percentile — higher than 39% of all known CVEs

Summary

A vulnerability was found in GZ Scripts Availability Booking Calendar PHP 1.0 that allows cross site scripting (XSS) attacks through manipulation of the img argument in the file /index.php?controller=GzUser&action=edit&id=1. The attack can be initiated remotely.

Risk Assessment

This vulnerability poses a risk of exploitation by malicious users to inject scripts, potentially leading to data theft or session hijacking.

Recommendation

It is recommended to update the component to the latest version and implement input data filtering to minimize the risk of XSS attacks.

Original NVD description (English source)

A vulnerability, which was classified as problematic, was found in GZ Scripts Availability Booking Calendar PHP 1.0. This affects an unknown part of the file /index.php?controller=GzUser&action=edit&id=1 of the component Image Handler. The manipulation of the argument img leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235569 was assigned to this vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS