Platform: php
Fixed in: 1.0.1
A cross-site scripting (XSS) vulnerability has been identified in projectworlds House Rental and Property Listing version 1.0. This flaw resides within the /app/sms.php file and allows attackers to inject malicious scripts via manipulation of the Message argument. Successful exploitation could lead to session hijacking or defacement of the application, impacting users of this property listing platform.
The XSS vulnerability in House Rental and Property Listing allows an attacker to inject arbitrary JavaScript code into the application. This code can then be executed in the context of a user's browser when they visit a page containing the injected script. Attackers could leverage this to steal session cookies, redirect users to malicious websites, or deface the application. The public availability of the exploit significantly increases the risk of widespread exploitation, particularly given the potential for automated scanning and exploitation attempts. The impact is amplified if the application handles sensitive user data, such as personal information or financial details.
The exploit for CVE-2026-1700 has been publicly disclosed, indicating a higher probability of exploitation. The vulnerability is not currently listed on CISA KEV. Given the public availability of the exploit and the relatively simple nature of the XSS attack, it is likely that automated scanning tools are already targeting vulnerable instances. Monitor logs for suspicious activity and implement proactive detection measures.
EPSS: 0.01% (1% percentile)
The primary mitigation for CVE-2026-1700 is to upgrade to a patched version of House Rental and Property Listing. Since no fixed version is specified, immediate action is crucial. As a temporary workaround, implement strict input validation on the Message argument in /app/sms.php, ensuring that only expected characters are allowed. Apply output encoding to any user-supplied data before rendering it in the browser. Consider implementing a Web Application Firewall (WAF) with XSS filtering rules to block malicious requests. Regularly review and update security configurations.
Update to a patched version or apply the necessary security measures to prevent the injection of malicious code through the 'Message' parameter in the sms.php file. Validate and sanitize user inputs to prevent Cross-Site Scripting (XSS) attacks.
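An added example of the temporary workaround described above (allow-list validation of Message plus output encoding); it is not code from projectworlds or from /app/sms.php, whose source is not shown here. The function names, the 480-character limit and the permitted character set are assumptions for illustration.

```php
<?php
declare(strict_types=1);
// Assumption: PHP 8+ with mbstring. Function names are hypothetical; the real
// /app/sms.php source is not shown on this page.

/** Allow-list validation: returns the trimmed message, or null to reject. */
function validate_message(mixed $raw, int $maxLen = 480): ?string
{
    // Arrays (Message[]=x) and other non-strings are rejected outright.
    if (!is_string($raw) || !mb_check_encoding($raw, 'UTF-8')) {
        return null;
    }
    $msg = trim($raw);
    if ($msg === '' || mb_strlen($msg, 'UTF-8') > $maxLen) {
        return null;
    }
    // Expected characters only (assumed set): letters, digits, spaces,
    // newlines and basic punctuation. Markup characters are not in the set.
    if (preg_match('/\A[\p{L}\p{N} \r\n.,:;!?()@#%+\-\/\']+\z/u', $msg) !== 1) {
        return null;
    }
    return $msg;
}

/** Encode for HTML element content or a quoted attribute value. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Validate on input, encode at the point of output. */
function render_message(array $request): string
{
    $msg = validate_message($request['Message'] ?? null);
    if ($msg === null) {
        return '<p class="error">Message rejected.</p>';
    }
    return '<p class="sms-preview">' . nl2br(h($msg), false) . '</p>';
}

// Constructed sample requests, not taken from the page.
$samples = [
    ['Message' => "Viewing confirmed for 3pm, flat 12.\nBring ID."],
    ['Message' => '<b>bold</b> text'],          // markup: rejected by the allow-list
    ['Message' => ['nested' => 'array']],       // wrong type: rejected
];
foreach ($samples as $request) {
    echo render_message($request), PHP_EOL;
}
```

The encoding in h() is the control that keeps stored or reflected text from being parsed as markup; the allow-list only narrows what is accepted, so both are applied.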
CVE-2026-1700 is a cross-site scripting (XSS) vulnerability in projectworlds House Rental and Property Listing version 1.0, affecting the /app/sms.php file. Attackers can inject malicious scripts by manipulating the Message argument.
You are affected if you are using projectworlds House Rental and Property Listing version 1.0 and have not applied a patch or implemented mitigating controls.
Upgrade to a patched version of House Rental and Property Listing. As a temporary workaround, implement input validation and output encoding on the Message argument in /app/sms.php.
Due to the public availability of the exploit, CVE-2026-1700 is likely being actively exploited, or is at high risk of exploitation.
Refer to projectworlds' official website or security channels for the advisory related to CVE-2026-1700.