Platform: php
Fixed in: 1.0.1
A cross-site scripting (XSS) vulnerability has been identified in projectworlds House Rental and Property Listing version 1.0. This flaw resides in the processing of the /app/complaint.php file, specifically concerning the 'Name' argument. Successful exploitation allows an attacker to inject malicious scripts, potentially compromising user sessions and data.
The XSS vulnerability in House Rental and Property Listing allows an attacker to execute arbitrary JavaScript code within the context of a user's browser. This can lead to various malicious actions, including session hijacking, redirection to phishing sites, defacement of the application, and theft of sensitive information like login credentials or personal data. Given the public availability of the exploit, the risk of immediate exploitation is significant. The attack can be launched remotely, expanding the potential attack surface.
This vulnerability is publicly known with a readily available exploit, indicating a high probability of exploitation. It was disclosed on 2026-01-06. The low CVSS score reflects the relatively simple exploitation process and potential limited impact, but the public exploit significantly increases the risk. No KEV listing or confirmed exploitation campaigns are currently known.
EPSS: 0.04% (13th percentile)
The primary mitigation for CVE-2026-0642 is to upgrade to a patched version of House Rental and Property Listing. Since a fixed version is not explicitly mentioned, consider implementing input validation and output encoding on the Name parameter within /app/complaint.php to sanitize user-supplied data. Web application firewalls (WAFs) configured to detect and block XSS payloads can provide an additional layer of defense. Regularly review and update your WAF rules to ensure they are effective against emerging XSS techniques.
Update to a patched version or apply the necessary security measures to prevent the execution of XSS (Cross-Site Scripting) code. Validate and sanitize user inputs, especially the 'Name' field in the complaint.php file.
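As an added example (not code from projectworlds or from this advisory), one way to apply the input validation and output encoding described above in PHP. The function names, the 100-character limit, the allowed character set, and the assumption that Name arrives via POST are illustrative; the actual source of /app/complaint.php is not shown on this page.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: the real /app/complaint.php code is not reproduced here.

/**
 * Validate a submitted name. Returns the trimmed name, or null if rejected.
 * Allows Unicode letters and combining marks, spaces, dots, apostrophes and
 * hyphens, 1 to 100 characters (limit chosen for illustration).
 */
function validate_name(string $raw): ?string
{
    $name = trim($raw);
    // The /u flag makes the quantifier count code points, not bytes.
    if (preg_match('/^[\p{L}\p{M} .\'-]{1,100}$/u', $name) !== 1) {
        return null;
    }
    return $name;
}

/**
 * Encode a value for an HTML text node or a quoted attribute.
 * ENT_QUOTES also encodes the apostrophe that validation deliberately allows.
 */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs standing in for $_POST['Name'].
$samples = ["Ana O'Brien", '<script>alert(1)</script>'];

foreach ($samples as $raw) {
    $name = validate_name($raw);
    if ($name === null) {
        // Rejected input is still encoded if it is echoed back in an error.
        echo 'Rejected name: ' . e($raw) . PHP_EOL;
        continue;
    }
    // Unsafe pattern that reflects the value verbatim: echo "<td>$name</td>";
    echo '<td>' . e($name) . '</td>' . PHP_EOL;
}
```

Validation narrows what is accepted, but the encoding at output is what prevents stored or reflected markup from being interpreted, so it should be applied wherever the value is rendered, including admin views of submitted complaints.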
CVE-2026-0642 is a cross-site scripting (XSS) vulnerability in projectworlds House Rental and Property Listing version 1.0, affecting the /app/complaint.php file. It allows attackers to inject malicious scripts.
You are affected if you are using House Rental and Property Listing version 1.0 and have not implemented adequate input validation and output encoding.
Upgrade to a patched version of House Rental and Property Listing. If a patch is unavailable, implement input validation and output encoding on the 'Name' parameter in /app/complaint.php.
Yes, a public exploit is available, indicating a high probability of active exploitation.
Refer to projectworlds' official website or security advisory channels for updates and information regarding CVE-2026-0642.