exploitDog

CVE-2023-38875

Опубликовано: 20 сент. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'validator' parameter in '/reset-password'.

Ссылки

https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38875
Third Party Advisory
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38875
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:msaad1999:php-login-system:2.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04599

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-v3mq-x5wm-h3mq

CVSS3: 6.1

github

больше 2 лет назад

A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'validator' parameter in '/reset-password'.

EPSS

Процентиль: 89%

0.04599

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79