Lucene search

[email protected]CVE-2023-27776

HistoryApr 19, 2023 - 12:15 p.m.

CVE-2023-27776

2023-04-1912:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023

xss

web security

online shop

nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

32.1%

JSON

A stored cross-site scripting (XSS) vulnerability in /index.php?page=category_list of Online Jewelry Shop v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter.

Affected configurations

NVD

Node

online_jewelry_shop_projectonline_jewelry_shopMatch1.0

CPENameOperatorVersion
online_jewelry_shop_project:online_jewelry_shoponline jewelry shop project online jewelry shopeq1.0

CPE	Name	Operator	Version
online_jewelry_shop_project:online_jewelry_shop	online jewelry shop project online jewelry shop	eq	1.0

References

github.com/lohyt/Persistent-Cross-Site-Scripting-found-in-Online-Jewellery-Store-from-Sourcecodester-website.

github.com/lohyt/Persistent-Cross-Site-Scripting-found-in-Online-Jewellery-Store-from-Sourcecodester-website./blob/main/README.md