Cross-Site Scripting Vulnerability in Online Pizza Ordering System from Xiumulty
CVE-2023-27212

6.1MEDIUM

Key Information:

Vendor: Online Pizza Ordering System Project
Status: Online Pizza Ordering System
Vendor: CVE Published:; 9 March 2023

🔔 Create Online Pizza Ordering System Project Vulnerability Alert

What is CVE-2023-27212?

A cross-site scripting (XSS) vulnerability exists in the signup.php file of the Online Pizza Ordering System 1.0. This flaw permits attackers to execute arbitrary web scripts or HTML by injecting a specially crafted payload into the redirect parameter. Such exploitation can lead to unauthorized access to sensitive information, session hijacking, or redirecting users to malicious websites. It is critical for users to ensure that their systems are patched to mitigate risks associated with this vulnerability.

References

https://www.sourcecodester.com/php/16166/online-pizza-ord...

https://github.com/xiumulty/CVE/blob/main/online%20pizza%...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 9, 2023
Vulnerability Reserved
Feb 27, 2023

CVE-2023-27212 Data

JSON