PT-2024-24176 · Unknown · Cosmetics/Beauty Product Online Store

Mohitkumar0786 · Published 2024-04-15 · Updated 2025-04-10 · CVE-2024-31650

CVSS v3.1: 9.6 (Critical)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cosmetics and Beauty Product Online Store version 1.0

Description

A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter. This enables attackers to potentially steal user data or take control of user sessions.

Recommendations

For Cosmetics and Beauty Product Online Store version 1.0, consider validating and sanitizing user input for the Last Name parameter to prevent malicious payloads from being injected. As a temporary workaround, restrict the use of the Last Name field until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-31650

Affected Products: Cosmetics/Beauty Product Online Store