CVE-2023-7108

Name of the Vulnerable Software and Affected Versions code-projects E-Commerce Website version 1.0

Description A problematic vulnerability has been found in the code-projects E-Commerce Website, affecting an unknown part of the file user signup.php. The manipulation of the firstname argument with the input <video/src=x onerror=alert(document.domain)> leads to cross-site scripting. This issue can be initiated remotely.

Recommendations For code-projects E-Commerce Website version 1.0, as a temporary workaround, consider validating and sanitizing user input for the firstname argument in the user signup.php file to prevent cross-site scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.