First published: Wed May 24 2023(Updated: )
A vulnerability was found in SourceCodester Online Jewelry Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file customer.php of the component POST Parameter Handler. The manipulation of the argument Custid leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229820.
Credit: cna@vuldb.com cna@vuldb.com
Affected Software | Affected Version | How to fix |
---|---|---|
Online Jewelry Store Project Online Jewelry Store | =1.0 | |
=1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2023-2864.
The severity of CVE-2023-2864 is medium with a CVSS score of 6.1.
The affected software is Online Jewelry Store Project Online Jewelry Store version 1.0.
The CWE for this vulnerability is CWE-79 (Cross-Site Scripting).
To fix this vulnerability, you should sanitize user input and properly encode or validate any data that is displayed on the website to mitigate the risk of cross-site scripting attacks.