{"id":"CVE-2023-48903","details":"Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter \"imgType\" via in uploadCarImages.php.","modified":"2026-03-14T12:22:52.980352Z","published":"2024-03-21T04:15:09.063Z","references":[{"type":"EVIDENCE","url":"https://packetstormsecurity.com/files/177662/Tramyardg-Autoexpress-1.3.0-Cross-Site-Scripting.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tramyardg/autoexpress","events":[{"introduced":"0"},{"last_affected":"5720984b6a8c84d512377322ccaaa3b0ad3749eb"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.3.0-alpha"}]}}],"versions":["v1.0-alpha","v1.0.0-alpha","v1.1.0-alpha","v1.2.0-alpha","v1.3.0-alpha"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-48903.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}