CVE-2021-25790 Information

Description

Multiple stored cross site scripting (XSS) vulnerabilities in the \Register\ module of House Rental and Property Listing 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in all text fields except for Phone Number and Alternate Phone Number.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

https://www.sourcecodester.com/php/14649/house-rental-and-property-listing-php-full-source-code.html https://www.exploit-db.com/exploits/49352 https://www.sourcecodester.com

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

5.4