CVE-2024-5851 | playSMS up to 1.4.7 SMS Schedule index.php name/message cross site scripting

A vulnerability classified as problematic has been found in playSMS up to 1.4.7. Affected is an unknown function of the file /index.php?app=main&inc=feature_schedule&op=list of the component SMS Schedule Handler. The manipulation of the argument name/message leads to basic cross site scripting.

This vulnerability is traded as CVE-2024-5851. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The code maintainer was contacted early about this disclosure and was eager to prepare a fix as quickly as possible.

It is recommended to upgrade the affected component.

CVE-2024-5851 | playSMS up to 1.4.7 SMS Schedule index.php name/message cross site scripting

Post correlati

CVE-2024-38949 | libde265 1.0.15 sdl.cc display444as420 heap-based overflow (Issue 460)

CVE-2024-1005 | Shanxi Diankeyun Technology NODERP up to 6.0.2 /runtime/log file access

CVE-2024-32144 | Welcart e-Commerce Plugin up to 2.9.14 on WordPress authorization

CVE-2023-34385 | Akshay Menariya Export Import Menus Plugin up to 1.8.0 on WordPress unrestricted upload