CVE-2023-40750
published 2023-08-28CVE-2023-40750: There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Yacht Listing Script v1.0.
PriorityP333medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
0.97%
57.6th percentile
There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Yacht Listing Script v1.0.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpjabbers | yacht_listing_script | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
PHPJabbers Yacht Listing Script v1.0 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2023-40750 [MEDIUM] PHPJabbers Yacht Listing Script v1.0 - Cross-Site Scripting
PHPJabbers Yacht Listing Script v1.0 - Cross-Site Scripting
There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Yacht Listing Script v1.0.
Template:
id: CVE-2023-40750
info:
name: PHPJabbers Yacht Listing Script v1.0 - Cross-Site Scripting
author: ritikchaddha
severity: medium
description: |
There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Yacht Listing Script v1.0.
impact: |
Unauthenticated attackers can inject malicious JavaScript through the action parameter in index.php to steal yacht listing administrator credentials and manipulate boat listings.
remediation: |
Update PHPJabbers Yacht Listing Script to a version newer than 1.0 that properly sanitizes the action parameter in
2023-08-28
Published