First published: Tue May 03 2022
A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
E-commerce Website Project E-commerce Website | =1.0 | |
The severity of CVE-2022-27330 is medium with a CVSS score of 5.4.
CVE-2022-27330 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Product Title text field of /public/admin/index.php?add_product.
To fix CVE-2022-27330, ensure that user inputs are properly sanitized before being rendered on the website.
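As an added example (not code from E-Commerce Website v1.0 or from the advisory), one way to handle the Product Title so that stored markup is rendered as text rather than interpreted by the browser. The function names, the 120-character limit and the sample title are assumptions, and the mbstring extension is assumed to be available.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names: the project's real code is not shown on the page.

/** Validate a title on input. A second layer, not a replacement for output encoding. */
function normalize_product_title(string $raw): string
{
    $title = trim($raw);
    // Reject invalid UTF-8 so the encoder below always sees well-formed input.
    if (!mb_check_encoding($title, 'UTF-8')) {
        throw new InvalidArgumentException('Title must be valid UTF-8');
    }
    // Drop ASCII control characters.
    $title = preg_replace('/[\x00-\x1F\x7F]/u', '', $title) ?? '';
    if ($title === '' || mb_strlen($title, 'UTF-8') > 120) { // assumed limit
        throw new InvalidArgumentException('Title must be 1-120 characters');
    }
    return $title;
}

/** Encode a value for HTML element content and quoted attribute values. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample standing in for a title read back from the database.
$stored = normalize_product_title('Desk lamp <script>alert(1)</script> "deluxe"');

// Unsafe pattern: the stored value reaches the page verbatim.
$unsafe = '<h3>' . $stored . '</h3>';

// Encoded at the point of output, in both element and attribute context.
$safe = '<h3 title="' . e($stored) . '">' . e($stored) . '</h3>';

echo $unsafe, PHP_EOL, $safe, PHP_EOL;
```

Encoding belongs at every place the title is written into HTML, including the admin product list, because the stored value is displayed to other users later.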
Cross-site scripting (XSS) is a vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
You can find more information about CVE-2022-27330 at the following link: [GitHub - Full-Ecommece-Website-Add_Product-Stored_XSS-POC](https://github.com/CP04042K/Full-Ecommece-Website-Add_Product-Stored_XSS-POC)