CVE-2026-8117

Name of the Vulnerable Software and Affected Versions SourceCodester Pizzafy Ecommerce System version 1.0

Description An issue in the processing of the '/admin/index.php' endpoint allows for remote cross-site scripting (XSS), a technique where malicious scripts are injected into trusted websites. This occurs through the manipulation of the page argument.

Recommendations Restrict access to the '/admin/index.php' endpoint or avoid using the page argument until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.