2 matches found
CVE-2023-38876
CVE-2023-38876 describes a reflected XSS in msaad1999’s PHP-Login-System 2.0.1. The vulnerability is triggered by a malicious payload in the selector parameter of the /reset-password endpoint, allowing remote attackers to execute arbitrary JavaScript in a user’s browser. The available sources con...
CVE-2023-38875
Affected software : msaad1999's PHP-Login-System 2.0.1. Vulnerability : Reflected cross-site scripting (XSS) caused by unsanitized input in the 'validator' parameter of /reset-password. Impact : remote attackers can execute arbitrary JavaScript in a user’s browser, potentially stealing cookies or...