CVE-2023-4371 LOW

CVE-2023-4371: phpRecDB index.php cross site scripting

Vendor N/A

Product phpRecDB

Weakness CWE-79 · XSS

Published August 15, 2023

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability was found in phpRecDB 1.3.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument r/view leads to cross site scripting. The attack may be launched remotely. VDB-237194 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

August 15, 2023 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-4371 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-22302 WordPress Albo Pretorio Online Plugin <= 4.6.6 is vulnerable to Cross Site Scripting (XSS) CVE-2025-10131 All Social Share Options <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-27802 Stored Cross-Site Scripting in Episerver Content Management System (CMS) Edit Preview CVE-2023-51666 WordPress Related Post Plugin <= 2.0.53 is vulnerable to Cross Site Scripting (XSS) CVE-2023-24005 WordPress Inline Tweet Sharer – Twitter Sharing Plugin Plugin <= 2.5.3 is vulnerable to Cross Site Scripting (XSS)