SourceCodester Online Eyewear Shop cross site scripting
CVE-2023-0966
8.8 HIGH
What is CVE-2023-0966?
A vulnerability exists in the SourceCodester Online Eyewear Shop 1.0 that allows for cross-site scripting through manipulation of the 'id' argument within the 'admin/?page=orders/view_order' functionality. This could enable attackers to execute arbitrary JavaScript in the context of a user's browser, potentially leading to session hijacking or defacement. The exploit is publicly known and remote attacks are possible, making this a significant concern for users of the application.
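An added example, not part of the original advisory or the application's own code: a Python script that scans web server access logs for requests to admin/?page=orders/view_order whose id value is not a plain integer, which is where the manipulation described above would show up. It assumes combined-format access logs and that legitimate order ids are decimal integers; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate order ids are decimal integers; anything else is flagged.
ID_OK = re.compile(r"\d{1,10}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_id(target):
    """Return the decoded id value if the request hits the order view page
    with an id that is not a plain integer, otherwise None."""
    parts = urlsplit(target)
    # The advisory names admin/?page=orders/view_order; allow any install prefix.
    if not parts.path.rstrip("/").endswith("/admin"):
        return None
    query = parse_qs(parts.query, keep_blank_values=True)
    if "orders/view_order" not in query.get("page", []):
        return None
    # parse_qs percent-decodes once; every repeated id parameter is checked.
    for value in query.get("id", []):
        if not ID_OK.fullmatch(value):
            return value
    return None

def scan(lines):
    """Yield (line_number, decoded_id) for every flagged log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            value = suspicious_id(match.group(1))
            if value is not None:
                yield number, value

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Mar/2023:10:00:01 +0000] "GET /admin/?page=orders/view_order&id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Mar/2023:10:00:07 +0000] "GET /admin/?page=orders/view_order&id=12%3Cb%3Ex HTTP/1.1" 200 5177',
    '203.0.113.9 - - [01/Mar/2023:10:00:09 +0000] "GET /admin/?page=products&id=abc HTTP/1.1" 200 2048',
    '203.0.113.9 - - [01/Mar/2023:10:00:12 +0000] "GET /shop/admin/?page=orders/view_order&id=7&id=%22x HTTP/1.1" 200 5201',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric id {value!r}")
```

Only the query string is inspected, so parameters sent in a POST body do not appear in these logs and need a separate source such as WAF or application logging.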
Affected Version(s)
Online Eyewear Shop 1.0