CVE-2023-1507

Name of the Vulnerable Software and Affected Versions SourceCodester E-Commerce System version 1.0

Description A vulnerability has been found in the Category Name Handler component, specifically in the file /ecommerce/admin/category/controller.php. The issue is related to the manipulation of the CATEGORY argument, which leads to cross-site scripting. This can be exploited remotely.

Recommendations For SourceCodester E-Commerce System version 1.0, consider restricting access to the vulnerable Category Name Handler component until a fix is available. As a temporary workaround, avoid using the CATEGORY argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.