PT-2025-35087 · Unknown · Puneethreddyhc Online Shopping System Advanced Version 1.0
Jairajparyani
·
Publicado
2025-08-28
·
Atualizado
2025-08-28
·
CVE-2025-51971
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
PuneethReddyHC Online Shopping System Advanced version 1.0
Description
A reflected Cross-Site Scripting (XSS) vulnerability exists in the
register.php file. Unsanitized user input in the f name parameter is reflected in the server response without proper HTML encoding or output escaping, potentially allowing remote attackers to inject arbitrary JavaScript code.Recommendations
Ensure proper HTML encoding or output escaping is implemented for the
f name parameter in the register.php file.Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Puneethreddyhc Online Shopping System Advanced Version 1.0