Platform
php
Fixed in
1.0.1
A cross-site scripting (XSS) vulnerability has been identified in projectworlds House Rental and Property Listing version 1.0. This flaw resides within the /app/sms.php file and allows attackers to inject malicious scripts via manipulation of the Message argument. Successful exploitation could lead to session hijacking or defacement of the application, impacting users of this property listing platform.
The XSS vulnerability in House Rental and Property Listing allows an attacker to inject arbitrary JavaScript code into the application. This code can then be executed in the context of a user's browser when they visit a page containing the injected script. Attackers could leverage this to steal session cookies, redirect users to malicious websites, or deface the application. The public availability of the exploit significantly increases the risk of widespread exploitation, particularly given the potential for automated scanning and exploitation attempts. The impact is amplified if the application handles sensitive user data, such as personal information or financial details.
The exploit for CVE-2026-1700 has been publicly disclosed, indicating a higher probability of exploitation. The vulnerability is not currently listed on CISA KEV. Given the public availability of the exploit and the relatively simple nature of the XSS attack, it is likely that automated scanning tools are already targeting vulnerable instances. Monitor logs for suspicious activity and implement proactive detection measures.
Organizations and individuals using projectworlds House Rental and Property Listing version 1.0, particularly those hosting the application on shared hosting environments or without robust security monitoring, are at increased risk. Users who interact with the application's SMS functionality are also directly exposed.
• php / server:
grep -r "Message = " /app/sms.php
• generic web:
curl -I <property listing URL with potentially malicious Message parameter>
• generic web: Examine access logs for requests containing suspicious characters in the Message parameter.
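The access-log check described above can be automated. The following is an added example, not code from the advisory or from the project. It assumes combined-format access logs, an application path ending in /app/sms.php, and a Message value sent in the query string (POST bodies do not appear in access logs); the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Request line inside a common/combined log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Characters that plain SMS text rarely needs but HTML injection does.
# The apostrophe can match benign text, so treat hits as leads to review.
MARKUP_RE = re.compile(r'[<>"\']')
ENDPOINT, PARAM = "/app/sms.php", "Message"  # both named in the advisory

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <), bounded."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_message(log_line):
    """Return the decoded Message value if it carries markup characters, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    # endswith: the application may be deployed under a subdirectory
    if not url.path.lower().endswith(ENDPOINT):
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == PARAM:  # PHP parameter names are case-sensitive
            decoded = fully_decode(value)
            if MARKUP_RE.search(decoded):
                return decoded
    return None

def scan(lines):
    """Return (client_ip, decoded_value) for every flagged log line."""
    hits = []
    for line in lines:
        value = suspicious_message(line)
        if value is not None:
            hits.append((line.split(" ", 1)[0], value))
    return hits

# Constructed sample lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2026:10:00:00 +0000] "GET /app/sms.php?Message=Viewing+at+5pm HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2026:10:01:00 +0000] "GET /app/sms.php?Message=%3Cb%3Ehi%3C%2Fb%3E HTTP/1.1" 200 530 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Jan/2026:10:02:00 +0000] "GET /app/sms.php?Message=%253Cb%253Ehi HTTP/1.1" 200 530 "-" "curl/8.0"',
    '192.0.2.9 - - [01/Jan/2026:10:03:00 +0000] "GET /index.php?Message=%3Cb%3E HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]
```

Calling scan(SAMPLE_LOG) flags the second and third lines, including the double-encoded value, and ignores the benign message and the unrelated path.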
disclosure
Exploit status
EPSS
0.01% (1st percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-1700 is to upgrade to a patched version of House Rental and Property Listing. Since no fixed version is specified, immediate action is crucial. As a temporary workaround, implement strict input validation on the Message argument in /app/sms.php, ensuring that only expected characters are allowed. Employ output encoding to sanitize any user-supplied data before rendering it in the browser. Consider implementing a Web Application Firewall (WAF) with XSS filtering rules to block malicious requests. Regularly review and update security configurations.
Update to a patched version, or implement the necessary security measures to prevent malicious code injection through the 'Message' parameter in the sms.php file. Validate and sanitize user input to prevent cross-site scripting (XSS) attacks.
CVE-2026-1700 is a cross-site scripting (XSS) vulnerability in projectworlds House Rental and Property Listing version 1.0, affecting the /app/sms.php file. Attackers can inject malicious scripts by manipulating the Message argument.
You are affected if you are using projectworlds House Rental and Property Listing version 1.0 and have not applied a patch or implemented mitigating controls.
Upgrade to a patched version of House Rental and Property Listing. As a temporary workaround, implement input validation and output encoding on the Message argument in /app/sms.php.
Due to the public availability of the exploit, CVE-2026-1700 is likely being actively exploited, or is at high risk of exploitation.
Refer to projectworlds' official website or security channels for the advisory related to CVE-2026-1700.