Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" via in uploadCarImages.php.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/48xxx/CVE-2023-48903.json",
"cna_assigner": "mitre"
}