PT-2026-31728 · Unknown · Os Property Real Estate

Cracker · Published 2026-04-09 · Updated 2026-04-09 · CVE-2023-54361

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

iProperty Real Estate version 4.1.1

Description

The software contains a reflected cross-site scripting issue. Attackers can inject malicious scripts by manipulating the filter keyword parameter. Specifically, attackers can craft URLs containing JavaScript payloads in the filter keyword GET parameter of the /all-properties-with-map API endpoint to execute arbitrary code in victim browsers and potentially steal session tokens or credentials.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the filter keyword parameter before using it in the /all-properties-with-map endpoint.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-54361

Affected Products

Os Property Real Estate