PT-2024-11982 · Unknown · Sourcecodester Oretnom23 Pos Point Sale System
Enferas
·
Published
2024-05-01
·
Updated
2025-02-21
·
CVE-2023-23021
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
sourcecodester oretnom23 pos point sale system version 1.0
Description
The issue allows attackers to execute arbitrary code via the
code, name, and description inputs in the file Main.php. This is a Cross Site Scripting (XSS) vulnerability.Recommendations
For sourcecodester oretnom23 pos point sale system version 1.0, consider validating and sanitizing the
code, name, and description inputs in the Main.php file to prevent arbitrary code execution. As a temporary workaround, restrict access to the Main.php file until a patch is available.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sourcecodester Oretnom23 Pos Point Sale System