Cross Site Scripting in PHPJabbers Yacht Listing Script
CVE-2023-40750

6.1MEDIUM

Key Information:

Vendor: PHPjabbers
Status: Yacht Listing Script
Vendor: CVE Published:; 28 August 2023

What is CVE-2023-40750?

The Yacht Listing Script by PHPJabbers contains a Cross Site Scripting (XSS) vulnerability that allows an attacker to inject malicious scripts via the 'action' parameter in index.php. This flaw can lead to unauthorized actions, data theft, or compromise of user sessions, creating significant security risks for users of the application.

References

https://www.phpjabbers.com/yacht-listing-script/

https://medium.com/%40mfortinsec/multiple-vulnerabilities...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 28, 2023
Vulnerability Reserved
Aug 22, 2023

PHPjabbers

What is CVE-2023-40750?

References

CVSS V3.1

Timeline