PT-2024-11981 · Unknown · Sourcecodester Oretnom23 Blog Site
Enferas · Published 2024-05-01 · Updated 2024-07-03 · CVE-2023-23019
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
sourcecodester oretnom23 Blog Site version 1.0
Description
The issue is related to a cross-site scripting (XSS) vulnerability in the file main.php. This vulnerability can be exploited via the name and email parameters to the user add function.
Recommendations
For sourcecodester oretnom23 Blog Site version 1.0, consider validating and sanitizing the name and email parameters to prevent XSS attacks. As a temporary workaround, restrict the use of the user add function until a patch is available.
Fix
XSS
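One way to apply the recommendation to a name and email pair, shown as an added example that is not the Blog Site's own code. The function names (`validate_new_user`, `h`, `render_user_row`), the length limits, the name allowlist and the sample input are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: validate both fields when the add-user form is submitted.
// Returns [values, errors]. The allowlist and limits are assumptions.
function validate_new_user(array $input): array
{
    $errors = [];
    // Reject non-string input such as name[]=... instead of casting it.
    $name  = is_string($input['name']  ?? null) ? trim($input['name'])  : '';
    $email = is_string($input['email'] ?? null) ? trim($input['email']) : '';

    // Letters and combining marks of any script, space, dot, apostrophe, hyphen.
    if (!preg_match('/^[\p{L}\p{M} .\'-]{1,100}$/u', $name)) {
        $errors['name'] = 'Name contains unsupported characters.';
    }
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Email address is not valid.';
    }
    return [['name' => $name, 'email' => $email], $errors];
}

// Encode at output time. A syntactically valid address can still contain
// characters such as ' or &, so validation alone is not sufficient.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical view fragment: every stored value passes through h().
function render_user_row(array $user): string
{
    return '<tr><td>' . h($user['name']) . '</td><td>' . h($user['email']) . '</td></tr>';
}

// Constructed sample input: one ordinary submission, one carrying markup.
$samples = [
    ['name' => 'Ana Pérez', 'email' => 'ana@example.com'],
    ['name' => '<img src=x onerror=alert(1)>', 'email' => '"><b>x</b>@example.com'],
];
foreach ($samples as $sample) {
    [$values, $errors] = validate_new_user($sample);
    echo $errors ? 'rejected: ' . implode(' ', $errors) : 'accepted', PHP_EOL;
    // Rows stored before validation existed still render as inert text.
    echo render_user_row($values), PHP_EOL;
}
```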
Affected Products
Sourcecodester Oretnom23 Blog Site