PT-2023-24186 · Puneethreddyhc+1 · Puneethreddyhc Online-Shopping-System-Advanced+1
Kr1Shna4Garwal
+1
·
Published
2023-06-18
·
Updated
2024-05-17
·
CVE-2023-3311
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SourceCodester Advance Charity Management System version 1.0
PuneethReddyHC online-shopping-system-advanced version 1.0
Description
A problematic issue was found in the affected software, specifically in the file addsuppliers.php, where the manipulation of the
First name argument leads to cross site scripting. This issue can be initiated remotely.Recommendations
For SourceCodester Advance Charity Management System version 1.0, consider disabling the
addsупpliers.php file or restricting access to it until a patch is available.
For PuneethReddyHC online-shopping-system-advanced version 1.0, avoid using the First name argument in the affected file until the issue is resolved.
As a temporary workaround, restrict the use of the addsупpliers.php file to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Puneethreddyhc Online-Shopping-System-Advanced
Sourcecodester Advance Charity Management System