| Title | Online Eyewear Shop Website has XSS vulnerability |
|---|
| Description | BUG_Author: Murasaki
URL:http://localhost/oews/admin/?page=orders/view_order&id=
Link:https://www.sourcecodester.com/php/16089/online-eyewear-shop-website-using-php-and-mysql-free-download.html
There is a stored XSS vulnerability in the order submission,attackers can use XSS injection to steal the identity authentication of administrative users, and perform some background operations as administrators to achieve CSRF attacks. Attackers can also hang horses on websites, so that visitors' browsers can be controlled by attackers.
|
|---|
| Source | ⚠️ https://github.com/1MurasaKi/Eyewear_Shop_XSS/blob/main/README.md |
|---|
| User | Murasaki (UID 41555) |
|---|
| Submission | 02/22/2023 08:04 (3 years ago) |
|---|
| Moderation | 02/22/2023 20:25 (12 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 221635 [SourceCodester Online Eyewear Shop 1.0 view_order ID cross site scripting] |
|---|
| Points | 20 |
|---|