CVE-2022-27330: XSS
First published: Tue May 03 2022(Updated: )
A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| E-commerce Website Project E-commerce Website | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-27330?
The severity of CVE-2022-27330 is medium with a CVSS score of 5.4.
How does CVE-2022-27330 affect E-Commerce Website v1.0?
CVE-2022-27330 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Product Title text field of /public/admin/index.php?add_product.
How can I fix CVE-2022-27330?
To fix CVE-2022-27330, ensure that user inputs are properly sanitized before being rendered on the website.
What is cross-site scripting (XSS)?
Cross-site scripting (XSS) is a vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
Where can I find more information about CVE-2022-27330?
You can find more information about CVE-2022-27330 at the following link: [GitHub - Full-Ecommece-Website-Add_Product-Stored_XSS-POC](https://github.com/CP04042K/Full-Ecommece-Website-Add_Product-Stored_XSS-POC)
- collector/nvd-index
- vendor/e-commerce website project
- canonical/e-commerce website project e-commerce website
- version/e-commerce website project e-commerce website/1.0