CVE-2024-5312 Information

Description

PHP Server Monitor version 3.2.0 is vulnerable to an XSS via the /phpservermon-3.2.0/vendor/phpmailer/phpmailer/test_script/index.php page in all visible parameters. An attacker could create a specially crafted URL send it to a victim and retrieve their session details.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-php-server-monitor