Submit #639704: givanz Vvveb 1.0.7.2 Cross Site Scriptinginfo

Titlegivanz Vvveb 1.0.7.2 Cross Site Scripting
DescriptionA Reflected Cross-Site Scripting (XSS) vulnerability (CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) exists in the user login form. The email and password parameters are not sanitized before being reflected in the HTML response. This allows an attacker to inject malicious scripts by crafting a special URL, leading to credential theft via a keylogger payload. This was confirmed by exfiltrating password data to a Burp Collaborator server.
Source⚠️ https://github.com/kwerty138/Reflected-XSS-in-Vvveb-CMS-v1.0.7.2
User
 andyp138 (UID 88373)
Submission08/22/2025 05:05 (10 months ago)
Moderation08/30/2025 15:47 (8 days later)
StatusAccepted
VulDB entry322017 [givanz Vvveb 1.0.7.2 login.tpl Email/Password cross site scripting]
Points20

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!