PT-2024-39125 · Sourcecodester · Sourcecodester Online Food Ordering System

Knoxpro · Published 2024-09-09 · Updated 2024-09-10 · CVE-2024-8604

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Food Ordering System version 2.0
Description: A cross-site scripting vulnerability affects the Create an Account page, specifically the file index.php. Manipulating the First Name and Last Name arguments leads to cross-site scripting. The attack can be initiated remotely.
Recommendations: For version 2.0, consider restricting the input for First Name and Last Name fields to minimize the risk of cross-site scripting until a patch is available. As a temporary workaround, validate and sanitize user input for these fields to prevent malicious code injection.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-8604

Affected Products: Sourcecodester Online Food Ordering System