CVE-2024-11247— SourceCodester Online Eyewear Shop 代码注入漏洞

SourceCodester Online Eyewear Shop Inventory Page Master.php cross site scripting

A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product of the component Inventory Page. The manipulation of the argument brand leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

SourceCodester Online Eyewear Shop 代码注入漏洞

SourceCodester Online Eyewear Shop是SourceCodester开源的一个使用 PHP 和 MySQL 开发的在线眼镜店网站项目，它提供了一个在线购物和订购平台，面向眼镜业务及其潜在客户。 SourceCodester Online Eyewear Shop 1.0版本存在代码注入漏洞，该漏洞源于文件/oews/classes/Master.php?f=save_product的参数brand会导致跨站脚本攻击。

N/A

N/A