| 제목 | SourceCodester Pizzafy Ecommerce System 1.0 Cross Site Scripting |
|---|
| 설명 | Vulnerability Type: Cross-Site Scripting (XSS) – Stored – SAVE ORDERS
Affected Product: Pizzafy Ecommerce System 1.0
Download: https://www.sourcecodester.com/php/18708/pizzafy-ecommerce-system.html
Vulnerable Endpoint:
/pizzafy/admin/ajax.php?action=save_order
Vulnerable Parameter:
first_name=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&last_name=test&email=test%40gmail.com&mobile=teste&address=Address
Description:
A Stored Cross-Site Scripting (XSS) vulnerability was identified in the application. User-supplied input is not properly sanitized or encoded before being stored and later rendered in the browser.
An attacker can inject malicious JavaScript code into a persistent field (such as name, description, or comments). When other users access the affected page, the injected script is executed in their browser context.
This allows attackers to perform actions such as session hijacking, credential theft, or unauthorized actions on behalf of the victim..
|
|---|
| 원천 | ⚠️ https://github.com/joaodrmmd/VulDB-Reports/blob/main/XSS%20-%20Orders.pdf |
|---|
| 사용자 | r3du (UID 97257) |
|---|
| 제출 | 2026. 04. 12. PM 06:56 (2 개월 ago) |
|---|
| 모더레이션 | 2026. 04. 28. PM 12:26 (16 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 359956 [SourceCodester Pizzafy Ecommerce System 1.0 ajax.php?action=save_order first_name 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|