cve/2023/CVE-2023-48903.md

CVE-2023-48903

Description

Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" via in uploadCarImages.php.

POC

Reference

• https://packetstormsecurity.com/files/177662/Tramyardg-Autoexpress-1.3.0-Cross-Site-Scripting.html

Github

• https://github.com/NaInSec/CVE-LIST