Cross-Site Scripting Vulnerability in Online Pizza Ordering System by SourceCodester
CVE-2023-27211

6.1MEDIUM

Key Information:

Vendor: Online Pizza Ordering System Project
Status: Online Pizza Ordering System
Vendor: CVE Published:; 9 March 2023

🔔 Create Online Pizza Ordering System Project Vulnerability Alert

What is CVE-2023-27211?

A cross-site scripting (XSS) vulnerability exists in the /admin/navbar.php file of the Online Pizza Ordering System version 1.0. This flaw allows attackers to craft malicious payloads that can be injected through the 'page' parameter, enabling them to execute arbitrary web scripts or HTML. This vulnerability could lead to unauthorized access and manipulation of web session data, potentially affecting users and compromising the integrity of the web application.

References

https://www.sourcecodester.com/php/16166/online-pizza-ord...

https://github.com/xiumulty/CVE/blob/main/online%20pizza%...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 9, 2023
Vulnerability Reserved
Feb 27, 2023

CVE-2023-27211 Data

JSON