PT-2022-24074 · Unknown · Simple Online Book Store System
Anx0Ing
·
Published
2022-09-11
·
Updated
2023-10-18
·
CVE-2022-37796
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Simple Online Book Store System version 1.0
Description
The issue concerns Cross Site Scripting (XSS) in the /admin book.php file, where the
Title, Author, and Description parameters are vulnerable. This allows for potential malicious script injection.Recommendations
For Simple Online Book Store System version 1.0, consider validating and sanitizing user input for the
Title, Author, and Description parameters in the /admin book.php file to prevent XSS attacks. As a temporary workaround, restrict access to the /admin book.php file until a proper fix is applied.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Simple Online Book Store System