CVE-2021-25790

Name of the Vulnerable Software and Affected Versions House Rental and Property Listing version 1.0

Description The issue allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in all text fields except for Phone Number and Alternate Phone Number in the "Register" module. This enables attackers to perform stored cross-site scripting (XSS) attacks.

Recommendations For House Rental and Property Listing version 1.0, consider disabling the "Register" module until a patch is available to prevent exploitation. Restrict access to all text fields in the "Register" module to minimize the risk of XSS attacks. Avoid using crafted payloads in any text fields to prevent the execution of arbitrary web scripts or HTML. At the moment, there is no information about a newer version that contains a fix for this vulnerability.