CVE-2023-49489
Published 2023-12-19
Priority P433 · medium · 6.1 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 0.73% (49.5th percentile)
Reflective Cross Site Scripting (XSS) vulnerability in KodExplorer version 4.51 allows attackers to obtain sensitive information and escalate privileges via the APP_HOST parameter at config/i18n/en/main.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kodcloud | kodexplorer | — | — |
No detection rules found.
Nuclei
KodeExplorer 4.51 - Reflective Cross Site Scripting (XSS)
nuclei·CVSS 6.1
CVE-2023-49489 [MEDIUM] KodeExplorer 4.51 - Reflective Cross Site Scripting (XSS)
Template:
```yaml
id: CVE-2023-49489

info:
  name: KodeExplorer 4.51 - Reflective Cross Site Scripting (XSS)
  author: DhiyaneshDk
  severity: medium
  description: |
    Reflective Cross Site Scripting (XSS) vulnerability in KodExplorer version 4.51, allows attackers to obtain sensitive information and escalate privileges via the APP_HOST parameter at config/i18n/en/main.php.
  impact: |
    Unauthenticated attackers can inject malicious JavaScript via reflected XSS in the APP_HOST cookie parameter, potentially stealing user credentials or session
```
No writeups or analysis indexed.
Published: 2023-12-19