PT-2023-16486 · Unknown · Sourcecodester Online Eyewear Shop
Cp_Offensive_Team
+1
·
Published
2023-02-07
·
Updated
2024-09-07
·
CVE-2023-0732
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SourceCodester Online Eyewear Shop version 1.0
Description
A vulnerability has been found in the function registration of the file oews/classes/Users.php of the component POST Request Handler. The manipulation of the arguments
firstname, middlename, lastname, email, and contact leads to cross-site scripting. The attack can be launched remotely.Recommendations
For SourceCodester Online Eyewear Shop version 1.0, as a temporary workaround, consider validating and sanitizing the
firstname, middlename, lastname, email, and contact arguments in the registration function to prevent cross-site scripting attacks. Restrict access to the vulnerable Users.php file until a patch is available.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sourcecodester Online Eyewear Shop