Cross-Site Scripting Flaw in Fast Food Ordering System by Tr0e
CVE-2022-43082

6.1 MEDIUM

What is CVE-2022-43082?

The Fast Food Ordering System version 1.0 contains a vulnerability that permits cross-site scripting (XSS) attacks. This flaw is found in the purchase.php file, where an attacker can inject malicious scripts through a crafted payload via the customer parameter. If exploited, this vulnerability allows attackers to execute arbitrary web scripts or HTML in the context of the user's browser, potentially leading to data theft, session hijacking, or defacement of the website. Users and administrators are urged to apply appropriate security measures.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
