CVE-2023-4493 Information

Description

Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version through the users_admin.ghp file that affects multiple parameters such as (firstname homephone lastname lastname middlename workaddress workcity workcountry workphone workstate workzip). This vulnerability allows a remote attacker to store a malicious JavaScript payload in the application to be executed when the page is loaded resulting in an integrity impact.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products