Tinyshop · Tinyshop · CVE-2020-24026
Name of the Vulnerable Software and Affected Versions:
TinyShop version 1.2.0
Description:
This is a stored cross-site scripting (XSS) vulnerability. Content submitted through the `explain first` and `again explain` parameters of the "/evaluate/index.php" page is stored and later rendered without adequate encoding, which can result in cross-site scripting (XSS) or information disclosure. The vulnerability can be exploited remotely.
Recommendations:
For TinyShop version 1.2.0, as a temporary workaround until a fix is available, restrict access to the "/evaluate/index.php" page or disable use of the `explain first` and `again explain` parameters. Avoiding these parameters on the affected page minimizes the risk of exploitation.
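The workaround above limits exposure; the durable fix for a stored XSS issue of this kind is to HTML-encode every stored evaluation field at the point where it is rendered. The following is an added example written for this advisory, not code from TinyShop or its authors: the field names `explain_first` and `again_explain`, the `renderEvaluation()` helper and the sample record are assumptions that stand in for whatever the real application stores and displays.

```php
<?php
// Added example (not TinyShop's own code): render stored product-evaluation text safely.
// Field names, the record layout and the helper names are assumptions for illustration;
// the real TinyShop parameter names and storage layer are not taken from its source.

declare(strict_types=1);

/**
 * Encode untrusted text for insertion into an HTML element body or a quoted attribute.
 * ENT_QUOTES encodes both quote styles, so the value is also safe inside quoted attributes;
 * ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of returning an empty string.
 */
function encodeForHtml(string $untrusted): string
{
    return htmlspecialchars($untrusted, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Normalize an evaluation field on the way in: strip control characters and cap the length.
 * This is defence in depth only; the output encoding in encodeForHtml() is what prevents XSS.
 * Assumes the mbstring extension is available.
 */
function normalizeEvaluationField(?string $value, int $maxLen = 1000): string
{
    $value = $value ?? '';
    // Remove C0 control characters except tab, line feed and carriage return; on invalid UTF-8
    // preg_replace() returns null, which we treat as an empty field.
    $value = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/u', '', $value) ?? '';
    return mb_substr($value, 0, $maxLen, 'UTF-8');
}

/**
 * Render one stored evaluation as an HTML fragment. Every dynamic value passes through
 * encodeForHtml(), so tags or attributes in the stored text are displayed literally.
 */
function renderEvaluation(array $row): string
{
    return sprintf(
        '<div class="evaluation" data-id="%s"><p class="first">%s</p><p class="again">%s</p></div>',
        encodeForHtml((string) $row['id']),
        encodeForHtml($row['explain_first']),
        encodeForHtml($row['again_explain'])
    );
}

// Constructed sample record standing in for a row read back from the evaluation table.
$sample = [
    'id'            => 42,
    'explain_first' => normalizeEvaluationField('Great product! <b>5 stars</b>'),
    'again_explain' => normalizeEvaluationField('Still "fine" after a month <script>alert(1)</script>'),
];

echo renderEvaluation($sample), PHP_EOL;
```

Encoding on output rather than filtering on input is the right place for the control: the stored text can still contain angle brackets and quotes, but the browser receives them as entities and never interprets them as markup. If the evaluation text is also emitted into a JavaScript context or a URL, each of those contexts needs its own encoder; `htmlspecialchars()` is only correct for HTML bodies and quoted attributes.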