PT-2023-17374 · Unknown · Sourcecodester Online Computer/Laptop Store

Haicheng.Zhang · Published: 2023-04-08 · Updated: 2024-05-17 · CVE-2023-1961

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Computer and Laptop Store version 1.0

Description: An issue has been found in an unknown function of the file "/admin/?page=system info". Manipulating the System Name argument leads to cross-site scripting. The attack can be launched remotely. The exploit has been publicly disclosed and may be used.

Recommendations: For version 1.0, consider disabling access to the "/admin/?page=system info" endpoint until a patch is available. Restrict manipulation of the System Name argument to minimize the risk of cross-site scripting exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2023-1961

Affected products

Sourcecodester Online Computer/Laptop Store