CVE-2023-53882

JLex GuestBook 1.6.4 Reflected Cross-Site Scripting via URL Parameter

CVSS 5.1 MEDIUMEPSS 0.3%CWE-79

JLex GuestBook 1.6.4 contains a reflected cross-site scripting vulnerability in the 'q' URL parameter that allows attackers to inject malicious scripts. Attackers can craft malicious links with XSS payloads to steal session tokens or execute arbitrary JavaScript in victims' browsers.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Affected products

jlexart · JLex GuestBook

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://jlexart.com/https://www.exploit-db.com/exploits/51647 https://www.vulncheck.com/advisories/jlex-guestbook-reflected-cross-site-scripting-via-url-parameter