Platform: php
Fixed in: 1.0.1
A cross-site scripting (XSS) vulnerability has been identified in projectworlds House Rental and Property Listing version 1.0. This flaw resides in the processing of the /app/complaint.php file, specifically concerning the 'Name' argument. Successful exploitation allows an attacker to inject malicious scripts, potentially compromising user sessions and data.
The XSS vulnerability in House Rental and Property Listing allows an attacker to execute arbitrary JavaScript code within the context of a user's browser. This can lead to various malicious actions, including session hijacking, redirection to phishing sites, defacement of the application, and theft of sensitive information like login credentials or personal data. Given the public availability of the exploit, the risk of immediate exploitation is significant. The attack can be launched remotely, expanding the potential attack surface.
This vulnerability is publicly known with a readily available exploit, indicating a high probability of exploitation. It was disclosed on 2026-01-06. The low CVSS score reflects the relatively simple exploitation process and potential limited impact, but the public exploit significantly increases the risk. No KEV listing or confirmed exploitation campaigns are currently known.
Websites and applications utilizing the projectworlds House Rental and Property Listing software, particularly those with user input forms and inadequate input validation, are at risk. Shared hosting environments where multiple users share the same server instance are especially vulnerable, as a compromise of one user's account could potentially impact others.
• php: Examine /app/complaint.php for unsanitized use of the Name parameter. Search for instances where user input is directly outputted to the browser without proper encoding.
• generic web: Monitor access logs for suspicious requests to /app/complaint.php with unusual or encoded values in the Name parameter. Use curl to test the endpoint with various payloads.
• generic web: Check response headers for signs of XSS payloads (e.g., unexpected script tags or event handlers).
disclosure
Exploit status
EPSS: 0.04% (13% percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-0642 is to upgrade to a patched version of House Rental and Property Listing. Since a fixed version is not explicitly mentioned, consider implementing input validation and output encoding on the Name parameter within /app/complaint.php to sanitize user-supplied data. Web application firewalls (WAFs) configured to detect and block XSS payloads can provide an additional layer of defense. Regularly review and update your WAF rules to ensure they are effective against emerging XSS techniques.
Update to a patched version, or implement the security measures needed to prevent XSS code execution. Validate and sanitize user input, especially the 'Name' field in the complaint.php file.
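The input validation and output encoding recommended above, as an added example that is not taken from the application's source or from projectworlds. It assumes PHP 8 and a UTF-8 page; the function names `validate_name`, `e` and `render_complaint_ack`, the allowed character set, the 100-character limit and the sample inputs are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for a form field called "Name"; not the project's own code.

/** Allow-list validation: letters, combining marks, space, dot, apostrophe, hyphen; 1-100 chars. */
function validate_name(mixed $raw): ?string
{
    if (!is_string($raw)) {                       // rejects array input such as Name[]=x
        return null;
    }
    $name = trim($raw);
    if (!mb_check_encoding($name, 'UTF-8')) {     // reject malformed byte sequences
        return null;
    }
    return preg_match('/^[\p{L}\p{M}][\p{L}\p{M} .\'-]{0,99}\z/u', $name) === 1 ? $name : null;
}

/** Encode a value for an HTML text or quoted-attribute context. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Build the acknowledgement markup; the name is encoded at the point of output. */
function render_complaint_ack(array $post): string
{
    $name = validate_name($post['Name'] ?? null);
    if ($name === null) {
        return '<p class="error">Please enter a valid name.</p>';
    }
    // Encode even after validation: the allow-list can be loosened later, the encoder cannot.
    return '<p>Thank you, ' . e($name) . '. Your complaint was received.</p>';
}

// Constructed sample submissions (not real traffic).
$samples = [
    ['Name' => "Anne-Marie O'Neil"],        // accepted, apostrophe is encoded on output
    ['Name' => '<b>Ann</b>'],               // rejected: markup characters are not in the allow-list
    ['Name' => 'Ann" data-x="1'],           // rejected: double quote is not in the allow-list
    ['Name' => ['nested' => 'value']],      // rejected: not a string
];

foreach ($samples as $post) {
    echo render_complaint_ack($post), PHP_EOL;
}

// Encoding alone already neutralises markup when a value must be echoed back as typed:
echo e('<b>Ann</b>'), PHP_EOL;
```

Any value that is stored and displayed later on another page needs the same `e()` call at that output point, because validation at submission time does not protect pages that print older or differently sourced data.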
CVE-2026-0642 is a cross-site scripting (XSS) vulnerability in projectworlds House Rental and Property Listing version 1.0, affecting the /app/complaint.php file. It allows attackers to inject malicious scripts.
You are affected if you are using House Rental and Property Listing version 1.0 and have not implemented adequate input validation and output encoding.
Upgrade to a patched version of House Rental and Property Listing. If a patch is unavailable, implement input validation and output encoding on the 'Name' parameter in /app/complaint.php.
Yes, a public exploit is available, indicating a high probability of active exploitation.
Refer to projectworlds' official website or security advisory channels for updates and information regarding CVE-2026-0642.