Cross-Site Scripting Vulnerability in Online Pizza Ordering System by SourceCodester
CVE-2023-27208

6.1MEDIUM

Key Information:

Vendor: Online Pizza Ordering System Project
Status: Online Pizza Ordering System
Vendor: CVE Published:; 9 March 2023

🔔 Create Online Pizza Ordering System Project Vulnerability Alert

What is CVE-2023-27208?

A cross-site scripting vulnerability exists in the Online Pizza Ordering System version 1.0, specifically within the '/php-opos/login.php' file. This flaw allows attackers to exploit the system by injecting malicious scripts through the redirect parameter. Successful exploitation can lead to the execution of arbitrary web scripts or HTML in the context of the affected user, potentially compromising sensitive information and user sessions.

References

https://www.sourcecodester.com/php/16166/online-pizza-ord...

https://github.com/xiumulty/CVE/blob/main/online%20pizza%...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 9, 2023
Vulnerability Reserved
Feb 27, 2023

CVE-2023-27208 Data

JSON