| Field | Value |
|---|---|
| Title | SourceCodester Online Eyewear Shop 1.0 Cross Site Scripting |
| Source | ⚠️ https://gist.github.com/higordiego/bedd395e74a335f0145872c96d7cb92d |
| User | c4ttr4ck (UID 75518) |
| Submission | 13/10/2024 10:34 PM (2 years ago) |
| Moderation | 14/10/2024 09:48 PM (23 hours later) |
| Status | Approved |
| VulDB Entry | 280319 [SourceCodester Online Eyewear Shop 1.0 Contact Information Page contact_info Address cross site scripting] |
| Points | 20 |

**Description:**

**Summary for VulDB Submission:**

**Title:**
Stored XSS Vulnerability in Online Eyewear Shop Website 1.0

**Description:**
A **stored Cross-Site Scripting (XSS)** vulnerability has been identified in version 1.0 of the **Online Eyewear Shop Website**. The flaw resides in the **contact form update section** at the URL `/admin/?page=system_info/contact_info`. Attackers can inject malicious scripts into form fields, which are stored and executed every time the page is accessed. This vulnerability can lead to session hijacking, malicious script execution, and compromise of user and administrator accounts. The issue remains **unpatched** and poses a high security risk.

**Severity:**
- High

**Affected Version:**
- 1.0

**Proof of Concept (PoC):**
```html
<script>alert('XSS');</script>
```

**Vulnerable URLs:**
- `/admin/?page=system_info/contact_info`

**References:**
- [Vulnerability Source](https://www.sourcecodester.com/php/16089/online-eyewear-shop-website-using-php-and-mysql-free-download.html)
- [PoC Image 1](https://i.ibb.co/ZMnZ45c/2024-10-13-17-22-contact.png)
- [PoC Image 2](https://i.ibb.co/0YZLPN0/2024-10-13-17-23-contact.png)
- [PoC Image 3](https://i.ibb.co/YX12CKH/2024-10-13-17-24-contact.png)
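As an added defender-side illustration (not code from the Online Eyewear Shop project or from the submitter), the following shows why the stored address field executes on the contact_info page and the output-encoding fix that renders the same stored value as inert text. The `$contact` array, its field names and the render functions are assumptions for the example; the stored value is the PoC payload from the report.

```php
<?php
// Added example, not the project's code. It simulates the admin contact_info
// page rendering values that were previously saved through the contact form
// update section. Constructed sample: the saved "address" carries the payload
// reported in the submission.
$contact = [
    'email'   => 'info@example.test',
    'address' => "<script>alert('XSS');</script>",
];

// Vulnerable pattern: the stored value is concatenated into the HTML unchanged,
// so the browser parses the <script> element and runs it on every page load.
function render_contact_vulnerable(array $c): string
{
    return '<p>Address: ' . $c['address'] . '</p>';
}

// Hardened pattern: encode every stored value for the HTML context it lands in.
// ENT_QUOTES also encodes single quotes so the same helper is safe inside
// quoted attribute values; ENT_SUBSTITUTE keeps invalid UTF-8 from producing an
// empty string; the explicit charset avoids browser re-interpretation.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_contact_hardened(array $c): string
{
    return '<p>Address: ' . esc($c['address']) . '</p>'
         . '<p>Email: <a href="mailto:' . esc($c['email']) . '">'
         . esc($c['email']) . '</a></p>';
}

// The first line contains a live <script> element; the second contains only
// entity-encoded text, which the browser displays rather than executes.
echo render_contact_vulnerable($contact), "\n";
echo render_contact_hardened($contact), "\n";
```

Encoding at output is the durable fix because the payload is already in the database; validating the form on submission is a useful second layer but does not clean records that were stored before the fix.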