CVE-2023-40755
Published: 2023-08-28
CVE-2023-40755: There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0.
Priority: P3 · 34 · medium · 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 1.20% (64.4th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpjabbers | callback_widget | — | — |
No detection rules found.
Nuclei
PHPJabbers Callback Widget v1.0 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2023-40755 [MEDIUM] PHPJabbers Callback Widget v1.0 - Cross-Site Scripting
Template:
```yaml
id: CVE-2023-40755

info:
  name: PHPJabbers Callback Widget v1.0 - Cross-Site Scripting
  author: ritikchaddha
  severity: medium
  description: |
    There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0.
  impact: |
    Unauthenticated attackers can inject malicious JavaScript through the theme parameter in preview.php, potentially stealing callback widget administrator credentials and manipulating callback requests.
  remediation: |
    Update PHPJabbers Callback Widget to a version newer than 1.0 that properly sanitizes the theme parameter and
```