PT-2021-3846 · Sourcecodester · Sourcecodester E-Commerce Website

Bigtiger2020

Published

2021-01-14

Updated

2021-09-13

CVE-2021-25204

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SourceCodester E-Commerce Website version 1.0

Description The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the subject field to "feedback process.php". The exploitation of this vulnerability can lead to remote attackers conducting cross-site scripting attacks.

Recommendations For SourceCodester E-Commerce Website version 1.0, consider disabling the feedback process.php script until a patch is available to prevent exploitation. Restrict access to the subject field in the "feedback process.php" endpoint to minimize the risk of XSS attacks.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2021-04201

CVE-2021-25204

Affected Products

Sourcecodester E-Commerce Website

PT-2021-3846 · Sourcecodester · Sourcecodester E-Commerce Website

CVE-2021-25204

Weakness Enumeration

Related Identifiers

Affected Products

References · 5