| Title | projectworlds.com House rental And Property Listing Project V1.0 cross site scripting |
|---|
| Description | An XSS vulnerability was found in the '/app/sms.php' file of the 'House rental And Property Listing' project. The reason for this issue is that attackers inject malicious script code from the parameter 'message' and the system outputs the user input directly to the web page without appropriate encoding or filtering. This allows attackers to execute arbitrary script code in the victim's browser, thereby performing unauthorized operations.
Impact
Attackers can exploit this XSS vulnerability to steal cookies, session tokens, or other sensitive information of the victim, perform actions on behalf of the victim, deface web pages, redirect users to malicious websites, and even gain control of the victim's browser, posing a serious threat to user privacy and system security.
DESCRIPTION
During the security review of "House rental And Property Listing", I discovered a critical XSS vulnerability in the "/app/sms.php" file. This vulnerability stems from insufficient user input validation and output encoding of the 'message' parameter, allowing attackers to inject malicious script code. Therefore, attackers can execute arbitrary scripts in the victim's browser, steal sensitive information, and perform operations on behalf of the victim. Immediate remedial measures are needed to ensure system security and protect user data. |
|---|
| Source | ⚠️ https://github.com/jiahao412/CVE/issues/3 |
|---|
| User | jiahao412 (UID 94372) |
|---|
| Submission | 01/19/2026 14:19 (5 months ago) |
|---|
| Moderation | 01/30/2026 11:50 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 343490 [projectworlds House Rental and Property Listing 1.0 /app/sms.php Message cross site scripting] |
|---|
| Points | 20 |
|---|