| शीर्षक | SourceCodester Pizzafy Ecommerce System using PHP and MySQL 1.0 Cross Site Scripting |
|---|
| विवरण | The menu management functionality in Pizzafy Ecommerce System 1.0 fails to sanitize the name and description fields when creating or editing menu items. An authenticated administrator can inject arbitrary JavaScript payloads into these fields. The malicious script is stored in the database and executes in the browser of any user — including unauthenticated visitors — who loads the customer-facing homepage where menu items are displayed.
This vulnerability crosses the privilege boundary: an admin-injected payload affects all site visitors regardless of authentication status.
|
|---|
| स्रोत | ⚠️ https://github.com/Xmyronn/Stored-XSS-in-Pizzafy-Ecommerce-System-admin-manage_menu.php-Affects-Unauthenticated-Users-.git |
|---|
| उपयोगकर्ता | imad alvi (UID 97088) |
|---|
| सबमिशन | 13/04/2026 01:18 PM (2 महीनों पहले) |
|---|
| संयम | 29/04/2026 11:40 AM (16 days later) |
|---|
| स्थिति | प्रतिलिपि |
|---|
| VulDB प्रविष्टि | 359955 [SourceCodester Pizzafy Ecommerce System 1.0 ajax.php?action=save_menu नाम क्रॉस साइट स्क्रिप्टिंग] |
|---|
| अंक | 0 |
|---|