Iqbolshoh php-business-website Cross-Site Scripting Vulnerability in admin/contact.php

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Iqbolshoh php-business-website versions prior to 10677743a8dfc281f85291a27cf63a0bce043c24. The issue resides in the file admin/contact.php, where user input from the twitter argument is not properly sanitized before being output. This flaw allows remote attackers to inject malicious scripts that are executed in the context of the user's browser.

Impact

Exploitation of this vulnerability leads to stored cross-site scripting, where injected scripts are executed in the context of the user.

Reproduction

To reproduce this vulnerability, navigate to the admin/contact.php page. The vulnerability can be exploited by entering a script tag containing JavaScript, such as an alert command, into the twitter input field. After submitting the input, the injected script will be executed when the page is viewed, demonstrating the cross-site scripting vulnerability.
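A mitigation sketch for the stored-value flow described above, added here as an example and not taken from the project's code: the twitter value is validated before it is saved and HTML-encoded again when it is rendered. The function names, the allowed hosts and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration; not code from php-business-website.
// normalize_twitter() and e() are hypothetical helper names.

/**
 * Accept a bare handle or an https profile URL on an allowed host.
 * Returns a canonical profile URL, or null when the value is rejected.
 */
function normalize_twitter(string $raw): ?string
{
    $raw = trim($raw);
    // Bare handle, optionally prefixed with "@": 1-15 letters, digits, underscores.
    if (preg_match('/^@?([A-Za-z0-9_]{1,15})$/', $raw, $m)) {
        return 'https://twitter.com/' . $m[1];
    }
    // Full profile URL: https only, fixed host list, handle-shaped path.
    if (preg_match('#^https://(?:www\.)?(?:twitter|x)\.com/([A-Za-z0-9_]{1,15})/?$#', $raw, $m)) {
        return 'https://twitter.com/' . $m[1];
    }
    return null;
}

/** Encode a value for an HTML text node or a quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs for the twitter field.
$samples = [
    '@example_user',
    'https://twitter.com/example_user',
    'https://example.com/profile',          // wrong host: rejected
    '<script>alert(1)</script>',            // markup as in the reproduction: rejected
];

foreach ($samples as $input) {
    $stored = normalize_twitter($input);    // validate before saving
    if ($stored === null) {
        // A rejected value is still encoded if it is echoed back to the admin.
        echo 'rejected: ' . e($input) . PHP_EOL;
        continue;
    }
    // Encode at output as well, so a value that reached the database by
    // another path cannot break out of the attribute or the text node.
    echo '<a href="' . e($stored) . '">' . e($stored) . '</a>' . PHP_EOL;
}
```

Output encoding is the control that closes the XSS; the input validation narrows what can be stored in the first place.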

Added: Oct 27, 2025, 5:19 AM
Updated: Oct 27, 2025, 5:19 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.0
exploitability: 7.7
remediation: 0.0
relevance: 0.9
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.