Genealogy Application Authenticated Reflected Cross-Site Scripting Vulnerability
Vulnerability
A reflected cross-site scripting vulnerability has been identified in the Genealogy PHP application, affecting all versions prior to 4.4.0. This vulnerability allows authenticated attackers to inject malicious JavaScript into query parameters, which is then executed in the context of another user's session. The impact of this vulnerability includes session hijacking, data theft, and manipulation of the user interface.
Impact
Exploitation of this vulnerability allows for authenticated reflected cross-site scripting, where an attacker can execute arbitrary JavaScript in another user's session.
Reproduction
To reproduce this vulnerability, an authenticated user can inject malicious JavaScript into the application's query parameters. The injected script will be reflected back and executed in the browser of another user.
Remediation
Users are advised to upgrade to version 4.4.0 or later, where this vulnerability has been patched.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.