A vulnerability classified as problematic has been found in playSMS up to 1.4.7. Affected is an unknown function of the file /index.php?app=main&inc=feature_schedule&op=list of the component SMS Schedule Handler. The manipulation of the argument name/message leads to basic cross site scripting.
This vulnerability is traded as CVE-2024-5851. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
The code maintainer was contacted early about this disclosure and was eager to prepare a fix as quickly as possible.
It is recommended to upgrade the affected component.