Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

HTML injection in Originatesoft's Dbizle

Posted date 08/10/2025
Identificador
INCIBE-2025-0552
Importance
3 - Medium
Affected Resources

Dbizle.

Description

INCIBE has coordinated the publication of a medium-severity vulnerability affecting Originatesoft's Dbizle, which offers a script for customisable classified ad websites. The vulnerability was discovered by Gonzalo Aguilar Garcia (6h4ack).

This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector, and CWE vulnerability type: 

  • CVE-2025-10347: CVSS v4.0: 4.8 | CVSS AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N | CWE-79
Solution

No solution has been reported at this time.

Detail
  • CVE-2025-10347: HTML injection vulnerability in Originatesoft's Best Classified Script (Dbizle). This vulnerability allows an attacker to modify the HTML code in the victim's browser by sending them a malicious URL using the “term” parameter in “ads-list”.
CVE
Explotación
No
Nuevo Fabricante
Originatesoft
Identificador CVE
CVE-2025-10347
Severidad
Media
References list
Originatesoft
Etiquetas