Description
Multiple stored cross site scripting (XSS) vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in all text fields except for Phone Number and Alternate Phone Number.
Exploits (1)
nomisec
SUSPICIOUS
1 stars
by MrCraniums · poc
https://github.com/MrCraniums/CVE-2021-25790-Multiple-Stored-XSS
References (3)
Core 3
Core References
Product x_refsource_misc
https://www.sourcecodester.com
Product x_refsource_misc
https://www.sourcecodester.com/php/14649/house-rental-and-property-listing-php-full-source-code.html
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/49352
Scores
CVSS v3
5.4
EPSS
0.0028
EPSS Percentile
51.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
house_rental_and_property_listing_php_project/house_rental_and_property_listing_php
1.0
Published
Jul 23, 2021
Tracked Since
Feb 18, 2026