CVE-2024-39090

Name of the Vulnerable Software and Affected Versions PHPGurukul Online Shopping Portal Project version 2.0

Description The PHPGurukul Online Shopping Portal Project contains a vulnerability that allows Cross-Site Request Forgery (CSRF) to lead to Stored Cross-Site Scripting (XSS). An attacker can exploit this vulnerability to execute arbitrary JavaScript code in the context of a user's session, potentially leading to account takeover.

Recommendations As a temporary workaround, consider implementing CSRF protection measures, such as token-based validation, to prevent exploitation until a patch is available. Restrict access to sensitive user session data to minimize the risk of account takeover. Avoid using the vulnerable version of the PHPGurukul Online Shopping Portal Project until a fixed version is released. At the moment, there is no information about a newer version that contains a fix for this vulnerability.