CVE-2023-3970

A vulnerability, which was classified as problematic, was found in GZ Scripts Availability Booking Calendar PHP 1.0. This affects an unknown part of the file /index.php?controller=GzUser&action=edit&id=1 of the component Image Handler. The manipulation of the argument img leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235569 was assigned to this vulnerability.
References
Link Resource
https://seclists.org/fulldisclosure/2023/Jul/51 Exploit Mailing List Third Party Advisory
https://vuldb.com/?ctiid.235569 Permissions Required Third Party Advisory
https://vuldb.com/?id.235569 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:gzscripts:availability_booking_calendar_php:1.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-07-27 12:15

Updated : 2024-05-17 02:27


NVD link : CVE-2023-3970

Mitre link : CVE-2023-3970

CVE.ORG link : CVE-2023-3970


JSON object : View

Products Affected

gzscripts

  • availability_booking_calendar_php
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')