Cross-Site Scripting in SourceCodester E-Commerce Platform
CVE-2021-25204

5.4MEDIUM

Key Information:

Vendor: E-commerce Website Project
Status: E-commerce Website
Vendor: CVE Published:; 23 July 2021

🔔 Create E-commerce Website Project Vulnerability Alert

What is CVE-2021-25204?

A Cross-Site Scripting (XSS) vulnerability exists in the SourceCodester E-Commerce Website version 1.0. This flaw allows remote attackers to inject arbitrary web scripts or HTML via the subject field to the feedback_process.php endpoint, potentially compromising user data and site integrity. Proper input validation and sanitation measures should be enforced to mitigate this vulnerability.

References

https://github.com/BigTiger2020/E-Commerce-Website/blob/m...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2021
Vulnerability Reserved
Jan 15, 2021

CVE-2021-25204 Data

JSON