Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A DOM-based cross-site scripting vulnerability exists in electic-shop v1.0 (Bhabishya-123/E-commerce). The site's client-side JavaScript reads attacker-controlled input (for example, values derived from the URL or page fragment) and inserts it into the DOM via unsafe sinks (innerHTML/insertAdjacentHTML/document.write) without proper sanitization or context-aware encoding. An attacker can craft a malicious URL that, when opened by a victim, causes arbitrary JavaScript to execute in the victim's browser under the electic-shop origin.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
E-commerce 安全漏洞
Vulnerability Description
E-commerce是Bhabishya Ghimire个人开发者的一个动态的电子商务网站。 E-commerce v1.0版本存在安全漏洞,该漏洞源于DOM型跨站脚本,可能导致任意JavaScript执行。
CVSS Information
N/A
Vulnerability Type
N/A