Code Projects · Online Shop Store · CVE-2026-5647
Name of the Vulnerable Software and Affected Versions
code-projects Online Shoe Store version 1.0
Description
A cross-site scripting issue exists in the Add Product Page component of code-projects Online Shoe Store version 1.0. The issue is located in an unknown part of the `/admin/admin feature.php` file. Manipulation of the `product name` argument can trigger the vulnerability. The attack can be launched remotely. The exploit is publicly available.
Recommendations
For code-projects Online Shoe Store version 1.0, sanitize the `product name` argument to prevent cross-site scripting.