PT-2024-25193 · Sourcecodester · Sourcecodester Product Show Room

Published: 2024-05-02 · Updated: 2024-07-03 · CVE-2024-33303

CVSS v3.1: 8.2 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SourceCodester Product Show Room version 1.0

Description

The issue is a cross-site scripting (XSS) vulnerability in the First Name field under Add Users. It allows potentially malicious script to be injected.

Recommendations

For SourceCodester Product Show Room version 1.0, consider validating and sanitizing user input for the First Name field to prevent XSS attacks. As a temporary workaround, restrict access to the Add Users feature until a proper fix is implemented.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-33303

Affected Products

Sourcecodester Product Show Room