Vulnerability CVE-2024-5312


Published: 2024-05-24

Description:
PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /phpservermon-3.2.0/vendor/phpmailer/phpmailer/test_script/index.php page in all visible parameters. An attacker could create a specially crafted URL, send it to a victim and retrieve their session details.

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 References:
https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-php-server-monitor

Copyright 2026, cxsecurity.com

 

Back to Top