| Titel | SourceCodester Online Eyewear Shop 1.0 Cross Site Scripting |
|---|
| Beschreibung | **Summary for VulDB Submission:**
**Title:**
Stored XSS Vulnerability in Online Eyewear Shop Website 1.0
**Description:**
A **stored Cross-Site Scripting (XSS)** vulnerability has been identified in version 1.0 of the **Online Eyewear Shop Website**. The flaw resides in the **contact form update section** at the URL `/admin/?page=system_info/contact_info`. Attackers can inject malicious scripts into form fields, which are stored and executed every time the page is accessed. This vulnerability can lead to session hijacking, malicious script execution, and compromise of user and administrator accounts. The issue remains **unpatched** and poses a high security risk.
**Severity:**
- High
**Affected Version:**
- 1.0
**Proof of Concept (PoC):**
```html
<script>alert('XSS');</script>
```
**Vulnerable URLs:**
- `/admin/?page=system_info/contact_info`
**References:**
- [Vulnerability Source](https://www.sourcecodester.com/php/16089/online-eyewear-shop-website-using-php-and-mysql-free-download.html)
- [PoC Image 1](https://i.ibb.co/ZMnZ45c/2024-10-13-17-22-contact.png)
- [PoC Image 2](https://i.ibb.co/0YZLPN0/2024-10-13-17-23-contact.png)
- [PoC Image 3](https://i.ibb.co/YX12CKH/2024-10-13-17-24-contact.png)
|
|---|
| Quelle | ⚠️ https://gist.github.com/higordiego/bedd395e74a335f0145872c96d7cb92d |
|---|
| Benutzer | c4ttr4ck (UID 75518) |
|---|
| Einreichung | 13.10.2024 22:34 (vor 2 Jahren) |
|---|
| Moderieren | 14.10.2024 21:48 (23 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 280319 [SourceCodester Online Eyewear Shop 1.0 Contact Information Page contact_info Address Cross Site Scripting] |
|---|
| Punkte | 20 |
|---|