CVE-2023-53735

MEDIUM

WEBIGniter 28.7.23 - Unauthenticated Cross-Site Scripting in User Creation Process

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53735. PoCs published by Mesut Cetin.

AI-analyzed exploit summary This is a writeup describing a reflected XSS vulnerability in WEBIGniter v28.7.23, where the 'your_name' parameter during user creation fails to validate input, allowing script execution via an image tag.

Description

WEBIGniter 28.7.23 contains a cross-site scripting vulnerability in the user creation process that allows unauthenticated attackers to execute malicious JavaScript code, enabling potential XSS attacks.

Exploits (1)

exploitdb WRITEUP

by Mesut Cetin · textwebappsphp

https://www.exploit-db.com/exploits/51900

View Code ZIP pw:eip

This is a writeup describing a reflected XSS vulnerability in WEBIGniter v28.7.23, where the 'your_name' parameter during user creation fails to validate input, allowing script execution via an image tag.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: WEBIGniter v28.7.23

No auth needed

Prerequisites: Access to the user creation page

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/51900

Various Sources product

https://webigniter.net/

Various Sources product

https://webigniter.net/demo

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/webigniter-28723-cross-site-scripting-xss-in-user-creation-process

Scores

CVSS v4 5.3

EPSS 0.0027

EPSS Percentile 51.1%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

WEBIGniter/WEBIGniter 28.7.23

Published Dec 04, 2025

Tracked Since Feb 18, 2026