exploitDog

CVE-2023-53927

Опубликовано: 17 дек. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScript payloads that will execute when administrators view the sections, potentially enabling client-side code execution.

Ссылки

https://www.exploit-db.com/exploits/51415
Exploit
Third Party Advisory
VDB Entry
https://www.phpjabbers.com/
Product
https://www.vulncheck.com/advisories/phpjabbers-simple-cms-stored-cross-site-scripting-via-section-creation
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/51415
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpjabbers:simple_cms:5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 9%

0.00032

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-98qf-xpr5-r2xv

CVSS3: 8.8

github

около 2 месяцев назад

PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScript payloads that will execute when administrators view the sections, potentially enabling client-side code execution.

EPSS

Процентиль: 9%

0.00032

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79