CVE-2021-25204: XSS
First published: Fri Jul 23 2021(Updated: )
Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote attackers to inject arbitrary web script or HTM via the subject field to feedback_process.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| E-commerce Website Project E-commerce Website | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this XSS vulnerability?
The vulnerability ID for this XSS vulnerability is CVE-2021-25204.
What is the severity level of CVE-2021-25204?
CVE-2021-25204 has a severity level of medium (5.4).
Which software version is affected by CVE-2021-25204?
Version 1.0 of the E-commerce Website Project E-commerce Website is affected by CVE-2021-25204.
How can an attacker exploit CVE-2021-25204?
An attacker can exploit CVE-2021-25204 by injecting arbitrary web script or HTML through the subject field of feedback_process.php.
Is there a reference link available for more information on CVE-2021-25204?
Yes, you can find more information about CVE-2021-25204 at the following link: https://github.com/BigTiger2020/E-Commerce-Website/blob/main/E-Commerce%20Website-xss.md
- collector/nvd-index
- vendor/e-commerce website project
- canonical/e-commerce website project e-commerce website
- version/e-commerce website project e-commerce website/1.0