CVE-2023-0966

Name of the Vulnerable Software and Affected Versions SourceCodester Online Eyewear Shop version 1.0

Description A problematic issue was found in the software, affecting an unknown functionality of the file "admin/?page=orders/view order". The manipulation of the id argument leads to cross-site scripting. The attack can be launched remotely.

Recommendations For SourceCodester Online Eyewear Shop version 1.0, as a temporary workaround, consider restricting access to the "admin/?page=orders/view order" endpoint until a patch is available. Avoid using the id argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.