CVE-2023-0732

Name of the Vulnerable Software and Affected Versions SourceCodester Online Eyewear Shop version 1.0

Description A vulnerability has been found in the function registration of the file oews/classes/Users.php of the component POST Request Handler. The manipulation of the arguments firstname, middlename, lastname, email, and contact leads to cross-site scripting. The attack can be launched remotely.

Recommendations For SourceCodester Online Eyewear Shop version 1.0, as a temporary workaround, consider validating and sanitizing the firstname, middlename, lastname, email, and contact arguments in the registration function to prevent cross-site scripting attacks. Restrict access to the vulnerable Users.php file until a patch is available.