| 제목 | Online Eyewear Shop Website has XSS vulnerability |
|---|
| 설명 | BUG_Author: Murasaki
URL:http://localhost/oews/admin/?page=orders/view_order&id=
Link:https://www.sourcecodester.com/php/16089/online-eyewear-shop-website-using-php-and-mysql-free-download.html
There is a stored XSS vulnerability in the order submission,attackers can use XSS injection to steal the identity authentication of administrative users, and perform some background operations as administrators to achieve CSRF attacks. Attackers can also hang horses on websites, so that visitors' browsers can be controlled by attackers.
|
|---|
| 원천 | ⚠️ https://github.com/1MurasaKi/Eyewear_Shop_XSS/blob/main/README.md |
|---|
| 사용자 | Murasaki (UID 41555) |
|---|
| 제출 | 2023. 02. 22. AM 08:04 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 02. 22. PM 08:25 (12 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 221635 [SourceCodester Online Eyewear Shop 1.0 view_order 아이디 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|