CVE-2023-33408

MEDIUM

Minical 1.0.0 - Cross-Site Scripting in security_helper.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-33408. PoCs published by Thirukrishnan.

AI-analyzed exploit summary: This repository provides a proof-of-concept for CVE-2023-33408, demonstrating a stored XSS vulnerability in Minical 1.0.0. The exploit involves injecting malicious JavaScript via the 'Room Note' field, which executes when viewed.

Description

Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). The vulnerability exists due to insufficient input validation in the application's user input handling in the security_helper.php file.

Exploits (1)

nomisec WORKING POC
by Thirukrishnan · poc
https://github.com/Thirukrishnan/CVE-2023-33408

Classification: Working PoC 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Minical 1.0.0
Auth required
Prerequisites: Access to a valid user account in Minical · Ability to navigate to the Room Status section
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory
https://github.com/Thirukrishnan/CVE-2023-33408

Scores

CVSS v3: 5.4
EPSS: 0.0055
EPSS Percentile: 41.7%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (1): minical/minical 1.0.0
Published: Jun 05, 2023
Tracked Since: Feb 18, 2026