3 matches found
PHP Login System 2.0.1 - Cross-Site Scripting
msaad1999's PHP-Login-System 2.0.1 contains a reflected cross-site scripting caused by unsanitized input in 'validator' parameter in /reset-password, letting remote attackers execute arbitrary JavaScript in a user's browser, exploit requires attacker to craft malicious URL id: CVE-2023-38875 info...
CVE-2023-38875
creationtimestamp| type| source ---|---|--- 2023-09-21 00:30:28+00:00| seen| https://t.me/cibsecurity/70841 2025-11-28 05:14:21+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2023/CVE-2023-38875.yaml 2025-12-01 21:02:37+00:00| seen|...
CVE-2023-38875
Affected software : msaad1999's PHP-Login-System 2.0.1. Vulnerability : Reflected cross-site scripting (XSS) caused by unsanitized input in the 'validator' parameter of /reset-password. Impact : remote attackers can execute arbitrary JavaScript in a user’s browser, potentially stealing cookies or...