PHP Server Monitor v3.5.2 - Stored XSS

Summary

Name: PHP Server Monitor v3.5.2 - Stored XSS
Code name: Gilmour
Product: PHP Server Monitor
Affected versions: v3.5.2
State: Unpublished/Contacted Vendor

Vulnerability

Kind: Stored cross-site scripting (XSS)
Rule: 010. Stored cross-site scripting (XSS)
Remote: Yes
CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
CVSSv3 Base Score: 4.8
Exploit available: No
CVE ID(s): CVE-2022-23044

Description

This information will be released later according to our Responsible Disclosure Policy.

Proof of Concept

This information will be released later according to our Responsible Disclosure Policy.

Exploit

This information will be released later according to our Responsible Disclosure Policy.

Mitigation

This information will be released later according to our Responsible Disclosure Policy.

Credits

The vulnerability was discovered by Oscar Uribe from the Offensive Team of Fluid Attacks.

References

Vendor page: https://www.phpservermonitor.org/

Timeline

  • 2022-01-11: Vulnerability discovered.

  • 2022-01-11: Vendor contacted.

  • 2022-01-17: Vendor replied acknowledging the report.