CVE-2023-3858

Name of the Vulnerable Software and Affected Versions phpscriptpoint Car Listing version 1.6

Description A vulnerability has been found in the /search.php file, where the manipulation of the country/state/city argument leads to cross-site scripting. The attack can be initiated remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations For phpscriptpoint Car Listing version 1.6, consider disabling the /search.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the country/state/city argument in the affected API endpoint until the issue is resolved.