Description
Fiverr Clone Script 1.2.2 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft URLs with script tags in the keyword parameter of search-results.php to execute arbitrary JavaScript in users' browsers.
Exploits (1)
References (2)
Core 2
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/46637
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/fiverr-clone-script-cross-site-scripting-via-search-resultsphp
Scores
CVSS v3
6.1
EPSS
0.0011
EPSS Percentile
28.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (2)
Phpscriptsmall/Fiverr Clone Script
1.2.2
phpscriptsmall/fiverr_clone_script
1.2.2
Published
Feb 20, 2026
Tracked Since
Feb 21, 2026