CVE-2019-8290

Name of the Vulnerable Software and Affected Versions Online Store version 1.0

Description The issue allows the registration form requirements for the member email format to be bypassed by posting directly to the "sent register.php" endpoint, enabling special characters to be included and an XSS payload to be injected.

Recommendations For version 1.0, consider validating and sanitizing user input in the registration form to prevent the inclusion of special characters and XSS payloads. As a temporary workaround, restrict access to the "sent register.php" endpoint to minimize the risk of exploitation.