Unknown · Sourcecodester Online Eyewear Shop · CVE-2023-0732
**Name of the Vulnerable Software and Affected Versions**
SourceCodester Online Eyewear Shop version 1.0
**Description**
A vulnerability has been found in the `registration` function of the file `oews/classes/Users.php`, part of the POST Request Handler component. Manipulating the arguments `firstname`, `middlename`, `lastname`, `email`, and `contact` leads to cross-site scripting. The attack can be launched remotely.
**Recommendations**
For SourceCodester Online Eyewear Shop version 1.0, as a temporary workaround, validate and sanitize the `firstname`, `middlename`, `lastname`, `email`, and `contact` arguments in the `registration` function to prevent cross-site scripting. Restrict access to the vulnerable `Users.php` file until a patch is available.
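
One way to apply the workaround above, as an added example rather than code from SourceCodester or from this advisory: allow-list validation of the five named parameters, plus HTML encoding when a stored value is rendered. The patterns, length limits, and the function names `validate_registration` and `h` are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list rules for four of the five parameters named in the advisory.
// Patterns and length limits are assumptions, not the application's own rules.
const FIELD_RULES = [
    'firstname'  => '/^[\p{L}][\p{L} .\'-]{0,49}\z/u',
    'middlename' => '/^(?:[\p{L}][\p{L} .\'-]{0,49})?\z/u',  // optional field
    'lastname'   => '/^[\p{L}][\p{L} .\'-]{0,49}\z/u',
    'contact'    => '/^\+?[0-9][0-9 ()-]{6,19}\z/',
];

/** Returns [cleanValues, rejectedFieldNames]; store nothing if any field is rejected. */
function validate_registration(array $post): array
{
    $clean = [];
    $errors = [];
    foreach (FIELD_RULES as $field => $pattern) {
        $value = $post[$field] ?? '';
        $value = is_string($value) ? trim($value) : '';  // arrays such as name[]=x are rejected
        if (preg_match($pattern, $value) === 1) {
            $clean[$field] = $value;
        } else {
            $errors[] = $field;
        }
    }
    $email = $post['email'] ?? '';
    $email = is_string($email) ? trim($email) : '';
    if (strlen($email) <= 254 && filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
        $clean['email'] = $email;
    } else {
        $errors[] = 'email';
    }
    return [$clean, $errors];
}

/** Encode a value for an HTML text or quoted-attribute context at render time. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample request: one field carries markup.
$sample = ['firstname' => 'Ana', 'middlename' => '', 'lastname' => "O'Neil<script>",
           'email' => 'ana@example.com', 'contact' => '+1 555 0100'];
[$clean, $errors] = validate_registration($sample);
echo 'rejected: ' . implode(',', $errors) . PHP_EOL;
echo h($sample['lastname']) . PHP_EOL;
```

Because legitimate names can contain an apostrophe, input validation alone does not make the values safe to print; every page that renders them still needs the encoding step.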