CVE-2023-1569

Name of the Vulnerable Software and Affected Versions SourceCodester E-Commerce System version 1.0

Description A problematic vulnerability was found in the SourceCodester E-Commerce System. The issue affects an unknown functionality of the file admin/user/controller.php?action=edit. The manipulation of the U NAME argument with the input <script>alert('1')</script> leads to cross-site scripting. The attack can be launched remotely.

Recommendations For version 1.0, consider disabling the admin/user/controller.php?action=edit endpoint until a patch is available. Restrict access to the U NAME argument in the affected endpoint to minimize the risk of exploitation.