Summary
| Name | PHP Server Monitor v3.5.2 - Stored XSS |
| Code name | Gilmour |
| Product | PHP Server Monitor |
| Affected versions | v3.5.2 |
| State | Unpublished/Contacted Vendor |
Vulnerability
| Kind | Stored cross-site scripting (XSS) |
| Rule | 010. Stored cross-site scripting (XSS) |
| Remote | Yes |
| CVSSv3 Vector | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| CVSSv3 Base Score | 4.8 |
| Exploit available | No |
| CVE ID(s) | CVE-2022-23044 |
Description
This information will be released later according to our Responsible Disclosure Policy.
Proof of Concept
This information will be released later according to our Responsible Disclosure Policy.
Exploit
This information will be released later according to our Responsible Disclosure Policy.
Mitigation
This information will be released later according to our Responsible Disclosure Policy.
Credits
The vulnerability was discovered by Oscar
Uribe from the Offensive
Team of Fluid Attacks.
References
| Vendor page | https://www.phpservermonitor.org/ |
Timeline
-
2022-01-11: Vulnerability discovered.
-
2022-01-11: Vendor contacted.
-
2022-01-17: Vendor replied acknowledging the report.