CVE-2023-49028

MEDIUM

absis < 2017-10-19 - Cross-Site Scripting via lock.php User Parameter

Title source: llm

Description

Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the user parameter in the lock/lock.php file.

References (3)

Core 3

Core References

Third Party Advisory

https://gist.github.com/Chiaki2333/d132c4b169b55bd7cd50e73dbe20c410

Exploit

https://github.com/Chiaki2333/vulnerability/blob/main/smpn1smg-absis-XSS-lock.php-user.md

View Exploit ZIP pw:eip

Product

https://github.com/smpn1smg/absis

Scores

CVSS v3 5.4

EPSS 0.0084

EPSS Percentile 53.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

absis/absis < 2017-10-19

Published Nov 27, 2023

Tracked Since Feb 18, 2026