Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-3555— GZ Scripts PHP Vacation Rental Script preview.php cross site scripting

CVSS 3.5 · Low EPSS 0.28% · P52
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-3555

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
GZ Scripts PHP Vacation Rental Script preview.php cross site scripting
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was found in GZ Scripts PHP Vacation Rental Script 1.8. It has been classified as problematic. This affects an unknown part of the file /preview.php. The manipulation of the argument page/layout/sort_by/property_id leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-233349 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
GZ Scripts PHP Vacation Rental Script 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
GZ Scripts PHP Vacation Rental Script是GZ Scripts公司的一个功能强大的基于网络的度假租赁软件。 GZ Scripts PHP Vacation Rental Script 存在跨站脚本漏洞,该漏洞源于 /preview.php 存在未知问题。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
GZ ScriptsPHP Vacation Rental Script 1.8 -

II. Public POCs for CVE-2023-3555

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-3555

登录查看更多情报信息。

Same Patch Batch · GZ Scripts · 2023-07-08 · 11 CVEs total

CVE-2023-35643.5 LOWGZ Scripts GZ Multi Hotel Booking System index.php cross site scripting
CVE-2023-35633.5 LOWGZ Scripts GZ E Learning Platform URL Parameter cross site scripting
CVE-2023-35623.5 LOWGZ Scripts PHP CRM Platform index.php cross site scripting
CVE-2023-35613.5 LOWGZ Scripts PHP GZ Hotel Booking Script load.php cross site scripting
CVE-2023-35603.5 LOWGZ Scripts Ticket Booking Script load.php cross site scripting
CVE-2023-35593.5 LOWGZ Scripts PHP GZ Appointment Scheduling Script load.php cross site scripting
CVE-2023-35583.5 LOWGZ Scripts Event Booking Calendar load.php cross site scripting
CVE-2023-35573.5 LOWGZ Scripts Property Listing Script preview.php cross site scripting
CVE-2023-35563.5 LOWGZ Scripts Car Listing Script PHP preview.php cross site scripting
CVE-2023-35543.5 LOWGZ Scripts GZ Forum Script preview.php cross site scripting

IV. Related Vulnerabilities

Same vendor: GZ Scripts
Same weakness: CWE-79

V. Comments for CVE-2023-3555

No comments yet

Leave a comment