Lucene search

K

PHPJabbers Rental Property Booking 2.0 - Reflected XSS Vulnerability

🗓️ 04 Aug 2023 00:00:00Reported by CraCkErType 
zdt
 zdt
🔗 0day.today👁 167 Views

PHPJabbers Rental Property Booking 2.0 - Reflected XSS Vulnerability, Manipulate site conten

Show more
Related
Code
ReporterTitlePublishedViews
Family
Cvelist
CVE-2023-4117 PHP Jabbers Rental Property Booking index.php cross site scripting
3 Aug 202307:31
cvelist
Prion
Cross site scripting
3 Aug 202308:15
prion
NVD
CVE-2023-4117
3 Aug 202308:15
nvd
CVE
CVE-2023-4117
3 Aug 202308:15
cve
Packet Storm
PHPJabbers Rental Property Booking 2.0 Cross Site Scripting
3 Aug 202300:00
packetstorm
Exploit DB
PHPJabbers Rental Property Booking 2.0 - Reflected XSS
4 Aug 202300:00
exploitdb
# Exploit Title: PHPJabbers Rental Property Booking 2.0 - Reflected XSS
# Exploit Author: CraCkEr
# Vendor: PHPJabbers
# Vendor Homepage: https://www.phpjabbers.com/
# Software Link: https://www.phpjabbers.com/rental-property-booking-calendar/
# Version: 2.0
# Tested on: Windows 10 Pro
# Impact: Manipulate the content of the site
# CVE: CVE-2023-4117


## Greetings

The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
CryptoJob (Twitter) twitter.com/0x0CryptoJob


## Description

The attacker can send to victim a link containing a malicious URL in an email or instant message
can perform a wide variety of actions, such as stealing the victim's session token or login credentials



Path: /index.php

GET parameter 'index' is vulnerable to RXSS

https://website/index.php?controller=pjFront&action=pjActionSearch&session_id=&locale=1&index=[XSS]&date=


[-] Done

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
04 Aug 2023 00:00Current
7.1High risk
Vulners AI Score7.1
CVSS25
CVSS36.1
EPSS0.002
167
.json
Report