CVE-2023-48858
MEDIUMabo.cms 5.9 - Cross-Site Scripting via Login Page URL Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2023-48858. PoCs published by Shumerez.
AI-analyzed exploit summary The repository provides a functional proof-of-concept for CVE-2023-48858, demonstrating a reflected XSS vulnerability in ABO.CMS 5.9's login.php page. The PoC includes a crafted URL that injects arbitrary JavaScript via the URL path, confirmed to work on both demo and real-world instances.
Description
A Cross-site scripting (XSS) vulnerability in login page php code in Armex ABO.CMS 5.9 allows remote attackers to inject arbitrary web script or HTML via the login.php? URL part.
Exploits (1)
The repository provides a functional proof-of-concept for CVE-2023-48858, demonstrating a reflected XSS vulnerability in ABO.CMS 5.9's login.php page. The PoC includes a crafted URL that injects arbitrary JavaScript via the URL path, confirmed to work on both demo and real-world instances.
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N