CVE-2022-1980

Name of the Vulnerable Software and Affected Versions SourceCodester Product Show Room Site version 1.0

Description A problematic issue has been identified, affecting the "/admin/?page=system info/contact info" endpoint. The manipulation of the Telephone textbox with the input <script>alert(1)</script> leads to cross-site scripting. This attack can be initiated remotely but requires authentication. Details about the exploit have been publicly disclosed.

Recommendations For version 1.0, as a temporary workaround, consider restricting access to the "/admin/?page=system info/contact info" endpoint until a patch is available. Avoid using the Telephone textbox in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.