CVE-2023-4492 Information

Description

Vulnerability in Easy Address Book Web Server 1.6 version affecting the parameters (firstname homephone lastname middlename workaddress workcity workcountry workphone workstate and workzip) of the /addrbook.ghp file allowing an attacker to inject a JavaScript payload specially designed to run when the application is loaded

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products