CVE-2021-25790

MEDIUM

House Rental and Property Listing 1.0 - Authenticated Stored Cross-Site Scripting in Register Module

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-25790. PoCs published by MrCraniums.

AI-analyzed exploit summary The repository lacks functional exploit code and instead references an external ExploitDB link. It provides minimal technical details about the vulnerability, focusing on generic information without demonstrating the exploit mechanism.

Description

Multiple stored cross site scripting (XSS) vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in all text fields except for Phone Number and Alternate Phone Number.

Exploits (1)

nomisec SUSPICIOUS 1 stars
by MrCraniums · poc
https://github.com/MrCraniums/CVE-2021-25790-Multiple-Stored-XSS

The repository lacks functional exploit code and instead references an external ExploitDB link. It provides minimal technical details about the vulnerability, focusing on generic information without demonstrating the exploit mechanism.

Classification
Suspicious 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: House Rental and Property Listing V1.0
No auth needed
Prerequisites: Access to the vulnerable application
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Product x_refsource_misc
https://www.sourcecodester.com
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/49352

Scores

CVSS v3 5.4
EPSS 0.0088
EPSS Percentile 54.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
house_rental_and_property_listing_php_project/house_rental_and_property_listing_php 1.0
Published Jul 23, 2021
Tracked Since Feb 18, 2026