Cross Site Scripting in Projectworlds House Rental and Property Listing by Projectworlds
CVE-2026-1700
Key Information:
- Vendor
Projectworlds
- Vendor
- CVE Published:
- 30 January 2026
Badges
What is CVE-2026-1700?
A security vulnerability has been discovered in Projectworlds' House Rental and Property Listing software version 1.0, specifically in the /app/sms.php file. This issue arises from improper handling of user-supplied input in the Message parameter, which can be exploited to execute arbitrary JavaScript in the context of the user's session. Attackers can remotely trigger this vulnerability, leading to potential data theft, session hijacking, or defacement of web content. Given the public availability of the exploit, it is crucial for users of this software to apply immediate patches and implement security best practices to safeguard against these attacks.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
House Rental and Property Listing 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved