CVE-2023-3828
LowCVSS 3.5Exploitation Probability (EPSS)
Low risk26th percentile — higher than 26% of all known CVEs
Summary
A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0, classified as problematic. It affects an unknown part of the file /listplace/user/coverPhotoUpdate of the Photo Handler component, where manipulation of the argument user_cover_photo leads to cross site scripting.
Risk Assessment
An attacker can remotely exploit this vulnerability, posing a risk of session hijacking or data theft. The lack of response from the vendor may indicate insufficient security support.
Recommendation
It is recommended to immediately update the platform to the latest version if available, and to monitor the application for suspicious activity. Additionally, consider implementing extra security measures such as input validation.
Original NVD description (English source)
A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0. It has been classified as problematic. This affects an unknown part of the file /listplace/user/coverPhotoUpdate of the component Photo Handler. The manipulation of the argument user_cover_photo leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

