A cross-site scripting vulnerability exists in E-Commerce Website version 1.0, which originates from a cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product that allows an attacker to inject a specially crafted payload into the product title text field by injecting specially crafted payload. An attacker could use this vulnerability to execute arbitrary Web script or HTML.
CPE | Name | Operator | Version |
---|---|---|---|
e-commerce website e-commerce website | eq | 1.0 |