PT-2022-19963 · Unknown · Sourcecodester Online Market Place Site
Published 2022-09-26 · Updated 2022-09-28
CVE-2022-30003
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Sourcecodester Online Market Place Site version 1.0
Description
The issue allows attackers to register as a Seller and then create new products containing XSS payloads in the 'Product Title' and 'Short Description' fields. This enables cross-site scripting (XSS) attacks.
Recommendations
For Sourcecodester Online Market Place Site version 1.0, consider validating and sanitizing user input in the 'Product Title' and 'Short Description' fields to prevent XSS payloads. As a temporary workaround, restrict the ability for Sellers to create new products until a patch is available.
XSS
Affected Products
Sourcecodester Online Market Place Site