PT-2024-24174 · Unknown · Cosmetics/Beauty Product Online Store
Mohitkumar0786
·
Published
2024-04-15
·
Updated
2025-04-10
·
CVE-2024-31649
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Cosmetics and Beauty Product Online Store version 1.0
Description
A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the
Product Name parameter. This enables attackers to potentially manipulate the website's behavior or steal user data.Recommendations
For Cosmetics and Beauty Product Online Store version 1.0, consider disabling the
Product Name parameter until a patch is available to prevent exploitation. Restrict access to the affected parameter to minimize the risk of arbitrary script execution.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cosmetics/Beauty Product Online Store