WS-2023-0302
Good to know:
Date: August 18, 2023
In phpsysinfo, the XML.php file has a JSONP hijacking vulnerability. When a user visits a page crafted by the attacker, JSON data is obtained and sent to the attacker. This data includes IP addresses, server names, network topologies, and other data that could be used to map out the internal network structure. The attacker could then use this information to identify additional targets within the network and launch more targeted attacks. The issue is patched in version 3.4.3.
Language: PHP
Severity Score
Weakness Type (CWE)
Cross-Site Scripting (XSS)
CWE-79
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | NONE |
Availability (A): | NONE |