CVE-2023-30210
published 2023-04-26CVE-2023-30210: OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via ourphp_tz.php.
PriorityP333medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
1.17%
63.6th percentile
OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via ourphp_tz.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ourphp | ourphp | <= 7.2.0 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
OURPHP <= 7.2.0 - Cross Site Scripting
nuclei·CVSS 6.1
CVE-2023-30210 [MEDIUM] OURPHP <= 7.2.0 - Cross Site Scripting
OURPHP alert(document.domain)"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "alert(document.domain)"
- "barmemCachedPercent"
- "swapPercent"
condition: and
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200
# digest: 490a0046304402206fa301ca2406e09efdd237025d5277f34f443cb6ea85367c671c727e0b74b3f202204a07b243556b013c40932608bffbe6ced67cde0e9dcbc2ae4c17161e63c965eb:922c64590222798bb761d5b6d8e72950
2023-04-26
Published