Home > Vulnerability Database > WS-2023-0302

Mend.io Vulnerability Database

WS-2023-0302

Good to know:

Date: August 18, 2023

In phpsysinfo, the XML.php file has a JSONP hijacking vulnerability. When a user visits a page carefully crafted by the attacker, the JSON data is obtained and sent to the attacker, such as IP addresses, server names, network topologies, and other data that could be used to map out the internal network structure. This information could then be used to identify additional targets within the network and launch more targeted attacks. The issue is patched in version 3.4.3.

Language: PHP

Severity Score

6.5

Related Resources (2)

Url: https://github.com/phpsysinfo/phpsysinfo/commit/4f2cee505e4f2e9b369a321063ff2c5e0c34ba45

Url: https://www.mend.io/vulnerability-database/WS-2023-0302

Severity Score

6.5

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version v3.4.3

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2023-0302

Good to know:

Date: August 18, 2023

Language: PHP

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?