PT-2024-39930 · Unknown · Sourcecodester Online Eyewear Shop

C4Ttr4Ck · Published 2024-10-12 · Updated 2024-10-16 · CVE-2024-9906

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SourceCodester Online Eyewear Shop version 1.0

Description

A vulnerability was found in the software, affecting an unknown function of the file "/admin/?page=inventory/view inventory&id=2". The manipulation of the Code argument leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations

For version 1.0, consider disabling access to the "/admin/?page=inventory/view inventory&id=2" endpoint until a patch is available. As a temporary workaround, avoid using the Code argument in the affected endpoint to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-9906

Affected Products

Sourcecodester Online Eyewear Shop