Cross-Site Scripting in Fiverr Clone Script by Fiverr
CVE-2019-25445

5.1MEDIUM

Key Information:

Vendor: PHPscriptsmall
Status: Fiverr Clone Script
Vendor: CVE Published:; 20 February 2026

🔔 Create PHPscriptsmall Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2019-25445?

The Fiverr Clone Script version 1.2.2 has a cross-site scripting (XSS) vulnerability allowing unauthenticated attackers to inject malicious scripts. By manipulating the 'keyword' parameter in the search-results.php file, attackers can craft URLs containing script tags, which enables execution of arbitrary JavaScript in users' browsers. This vulnerability poses significant risks to users by potentially exposing them to malicious actions or data theft.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Fiverr Clone Script 1.2.2

References

https://www.exploit-db.com/exploits/46637

exploit

https://www.vulncheck.com/advisories/fiverr-clone-script-...

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Feb 20, 2026
👾
Exploit known to exist
Feb 20, 2026
Vulnerability published
Feb 20, 2026
Vulnerability Reserved
Feb 20, 2026

Credit

Mr Winst0n

JSON

PHPscriptsmall

Badges

What is CVE-2019-25445?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.