PT-2024-24177 · Unknown · Cosmetics/Beauty Product Online Store

Mohitkumar0786 · Published 2024-04-15 · Updated 2024-08-20 · CVE-2024-31651

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions
Cosmetics and Beauty Product Online Store version 1.0

Description
A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter. This enables attackers to potentially steal user data or take control of user sessions.

Recommendations
For Cosmetics and Beauty Product Online Store version 1.0, consider validating and sanitizing user input for the First Name parameter to prevent XSS attacks. As a temporary workaround, restrict the use of the First Name field until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-31651

Affected Products

Cosmetics/Beauty Product Online Store