CVE-2023-38876
Published 2023-09-20
Priority P334, medium, 6.1 CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 0.73% (49.7th percentile)
A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' parameter in '/reset-password'.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msaad1999 | php-login-system | — | — |
No detection rules found.
Nuclei
PHP Login System 2.0.1 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2023-38875 [MEDIUM] PHP Login System 2.0.1 - Cross-Site Scripting
msaad1999's PHP-Login-System 2.0.1 contains a reflected cross-site scripting caused by unsanitized input in 'validator' parameter in /reset-password, letting remote attackers execute arbitrary JavaScript in a user's browser, exploit requires attacker to craft malicious URL
Template:
```yaml
id: CVE-2023-38875

info:
  name: PHP Login System 2.0.1 - Cross-Site Scripting
  author: 0x_Akoko
  severity: medium
  description: |
    msaad1999's PHP-Login-System 2.0.1 contains a reflected cross-site scripting caused by unsanitized input in 'validator' parameter in /reset-password, letting remote attackers execute arbitrary JavaScript in a user's browser, exploit requires attacker to craft malicious URL
  impact: |
    Attackers can execute arbitrary JavaScript in users' bro
```
No writeups or analysis indexed.