CVE-2023-6420 MEDIUM

CVE-2023-6420: Cross-site Scripting vulnerability in Voovi Social Networking Script

Vendor Voovi Social Networking Script
Product Voovi Social Networking Script
Weakness CWE-79 · XSS
Published November 30, 2023
Last update June 3, 2025
View on NVD All CVEs

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows a XSS via signup2.php in the emailadd parameter, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an authenticated user.

Key dates

02Disclosure timeline

November 30, 2023 CVE published
June 3, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-30423 WordPress Better Elementor Addons plugin <= 1.3.7 - Cross Site Scripting (XSS) vulnerability CVE-2025-23881 WordPress LJ Custom Menu Links Plugin <= 2.5 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-56408 PhpSpreadsheet allows unauthorized reflected XSS in `Convert-Online.php` file CVE-2022-20667 Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities CVE-2021-24738 Logo Carousel < 3.4.2 - Contributor+ Stored Cross-Site Scripting