CVE-2023-5837 LOW

CVE-2023-5837: AlexanderLivanov FotosCMS2 Cookie profile.php cross site scripting

Vendor Alexanderlivanov
Product FotosCMS2
Weakness CWE-79 · XSS
Published October 28, 2023
Last update August 27, 2024
View on NVD All CVEs

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability classified as problematic was found in AlexanderLivanov FotosCMS2 up to 2.4.3. This vulnerability affects unknown code of the file profile.php of the component Cookie Handler. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243802 is the identifier assigned to this vulnerability.

Key dates

02Disclosure timeline

October 28, 2023 CVE published
August 27, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-29022 Session Hijacking via XSS attack in header and session grid in Xibo CMS CVE-2025-23589 WordPress ContentOptin Lite plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2021-1130 Cisco DNA Center Cross-Site Scripting Vulnerability CVE-2024-3189 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2021-24519 Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)