| 제목 | Code-Projects Food Ordering System 1.0 Cross Site Scripting |
|---|
| 설명 | During the security assessment of "Simple Food Ordering System Project", I detected a critical stored cross-site scripting vulnerability in the "addproduct.php" file. This vulnerability occurs due to inadequate input sanitization for user-controllable data that is stored and later displayed without proper output encoding. Attackers can inject malicious scripts that remain on the server and execute automatically when legitimate users browse the affected pages. This can result in unauthorized actions being performed on behalf of authenticated users, theft of sensitive information, and complete compromise of user sessions. Immediate remediation is required to prevent widespread impact. |
|---|
| 원천 | ⚠️ https://github.com/underatted/CVE/issues/18 |
|---|
| 사용자 | underatted (UID 90321) |
|---|
| 제출 | 2025. 10. 15. AM 10:05 (6 개월 ago) |
|---|
| 모더레이션 | 2025. 10. 26. PM 05:59 (11 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 329971 [code-projects Simple Food Ordering System 1.0 /addproduct.php pname/category/price 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|