Skip to main content

Car Rental Script CVE-2023-48837

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2023-12-07 cve@mitre.org
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 07, 2023 - 07:15 nvd
MEDIUM 5.4

DescriptionNVD

Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code.

AnalysisAI

Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. Affected products include: Phpjabbers Car Rental Script.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2017-17637 CRITICAL POC
9.8 Dec 13

Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter. Rated critical severity (CVSS 9.8), th

CVE-2017-17906 CRITICAL POC
9.8 Dec 27

PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter. Rated critical sever

CVE-2017-17905 HIGH POC
8.8 Dec 27

PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. Rated high severity (CVSS 8.8), this vulnerabili

CVE-2023-48835 HIGH POC
8.8 Dec 07

Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. Rated high severity (CVSS

CVE-2023-48834 HIGH POC
7.5 Dec 07

A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource exhaustion. Rated high

CVE-2017-17907 MEDIUM POC
6.1 Dec 27

PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php webs

CVE-2023-40764 CRITICAL
9.8 Aug 28

User enumeration is found in PHP Jabbers Car Rental Script v3.0. Rated critical severity (CVSS 9.8), this vulnerability

CVE-2023-48836 MEDIUM POC
5.4 Dec 07

Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_ke

CVE-2018-15182 MEDIUM POC
5.4 Aug 09

PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields. Rated medium severity (CVSS 5.4)

CVE-2018-6904 MEDIUM POC
5.4 Apr 12

PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action. Rated medium severit

CVE-2023-40754 HIGH
8.8 Aug 28

In PHPJabbers Car Rental Script 3.0, lack of verification when changing an email address and/or password (on the Profile

Share

CVE-2023-48837 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy