CVE-2023-3757

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jul 19, 2023

Updated: May 17, 2024

CWE ID 416

Summary

CVE-2023-3757 is a newly discovered cross-site scripting vulnerability affecting the GZ Scripts Car Rental Script 1.8. The issue lies within an unknown function in the file /EventBookingCalendar/load.php. Attackers can exploit this flaw by manipulating the arguments first_name, second_name, phone, address_1, and country in a URL. Successful exploitation allows remote code execution, posing a significant security risk. The identifier for this vulnerability is VDB-234432. Unfortunately, the vendor has not responded to disclosure efforts, leaving users exposed.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/r6XEYI
https://www.cve.org/CVERecord?id=CVE-2023-3757
https://nvd.nist.gov/vuln/detail/CVE-2023-3757

Back to Vulnerability Database

CVE-2023-3757

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations