CVE-2023-3558

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jul 10, 2023

Updated: May 17, 2024

CWE ID 79

Summary

CVE-2023-3558 is a newly identified cross-site scripting (XSS) vulnerability affecting version 1.8 of GZ Scripts Event Booking Calendar. The issue lies within an unnamed function in the /load.php file, which can be exploited by manipulating the first_name, second_name, phone, address_1, and country parameters. An attacker can launch this attack remotely, potentially injecting malicious code into a victim's web browser. Despite early disclosure to the vendor, VDB-233352, no response or remediation has been reported.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/r6x9PA
https://www.cve.org/CVERecord?id=CVE-2023-3558
https://nvd.nist.gov/vuln/detail/CVE-2023-3558

Back to Vulnerability Database

CVE-2023-3558

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations