← back
CVE-2023-53882

JLex GuestBook 1.6.4 Reflected Cross-Site Scripting via URL Parameter

CVSS 5.1 MEDIUMEPSS 0.3%CWE-79
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.1EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
15 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
JLex GuestBook 1.6.4 contains a reflected cross-site scripting vulnerability in the 'q' URL parameter that allows attackers to inject malicious scripts. Attackers can craft malicious links with XSS payloads to steal session tokens or execute arbitrary JavaScript in victims' browsers.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Affected products
jlexart · JLex GuestBook

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://jlexart.com/https://www.exploit-db.com/exploits/51647https://www.vulncheck.com/advisories/jlex-guestbook-reflected-cross-site-scripting-via-url-parameter