CVE-2023-53735
Description
WEBIGniter 28.7.23 contains a cross-site scripting vulnerability in the user creation process that allows unauthenticated attackers to execute malicious JavaScript code, enabling potential XSS attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
WEBIGniter 28.7.23 has a reflected XSS in the 'your_name' parameter during user creation, enabling unauthenticated JavaScript execution.
Vulnerability
WEBIGniter 28.7.23 contains a cross-site scripting (XSS) vulnerability in the user creation process. The 'your_name' parameter fails to properly validate input, allowing injection of arbitrary JavaScript [2][3]. This is a reflected XSS issue, classified under CWE-79 [3].
Exploitation
An unauthenticated attacker can exploit this by submitting a crafted payload in the 'your_name' field during account creation at /create-account [2]. The injected script is then executed when a victim views the 'users' page under their profile [2]. No authentication is required, and the attack is network-based with low complexity [3].
Impact
Successful exploitation allows the attacker to execute malicious JavaScript in the context of the victim's browser. This can result in session theft, credential capture, or defacement. The CVSS v4 score is Medium (6.9) with low impacts to confidentiality and integrity [3].
Mitigation
The vendor has not confirmed a patch. Mitigation requires rigorous input validation and encoding of the 'your_name' parameter to neutralize XSS vectors [2]. As of the advisory date, users should monitor for updates or apply input sanitization as a workaround.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
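The validation and encoding that the Mitigation section calls for, as an added example (not WEBIGniter code and not taken from the advisory): an allow-list check for 'your_name' on input, HTML encoding at render time, and an audit of names already stored. The function names, the 64-character limit and the sample inputs are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not WEBIGniter code. All function names are hypothetical.

/** Allow-list check for the 'your_name' field at account creation. */
function validate_your_name(string $raw): ?string
{
    $name = trim($raw);
    // Letters, combining marks, space, period, apostrophe, hyphen; 1-64 chars.
    // With /u, invalid UTF-8 makes preg_match return false, which also rejects.
    if (preg_match('/^[\p{L}\p{M} .\'-]{1,64}\z/u', $name) !== 1) {
        return null; // caller responds with a form error and stores nothing
    }
    return $name;
}

/** Encode a value for an HTML text or quoted-attribute context at render time. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return stored names that would fail today's check (rows created earlier). */
function audit_stored_names(array $names): array
{
    return array_values(array_filter(
        $names,
        static fn(string $n): bool => validate_your_name($n) === null
    ));
}

// Constructed sample input: two ordinary names and one carrying markup.
$submitted = ['Ana María', "O'Neil", '<script>alert(1)</script>'];

foreach ($submitted as $raw) {
    $verdict = validate_your_name($raw) === null ? 'rejected' : 'accepted';
    echo h($raw), ' => ', $verdict, "\n";
}

// Output encoding is the second layer: a row stored before the check existed
// is rendered as inert text on the users page instead of being parsed as HTML.
echo '<td>', h($submitted[2]), "</td>\n";

// Names to review or clean up in the existing user table.
print_r(audit_stored_names($submitted));
```

Encoding at render time is the control that closes the hole; the input check only narrows what reaches storage.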
Affected products
- Range: <=28.7.23
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.