PT-2024-24178 · Unknown · Cosmetics/Beauty Product Online Store
Mohitkumar0786
·
Published
2024-04-15
·
Updated
2025-04-10
·
CVE-2024-31652
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Cosmetics and Beauty Product Online Store version 1.0
Description
A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the
Search parameter. This enables attackers to potentially steal user data or take control of user sessions.Recommendations
For Cosmetics and Beauty Product Online Store version 1.0, consider disabling the Search function until a patch is available to prevent exploitation of the XSS issue. Restrict access to the Search parameter to minimize the risk of arbitrary script execution.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cosmetics/Beauty Product Online Store