Cross-Site Scripting Vulnerability in Online Shop Store by Code Projects
CVE-2024-11243

6.1MEDIUM

Key Information:

Vendor
Code-projects
Status
Online Shop Store
Vendor
CVE Published:
15 November 2024

Summary

A vulnerability has been discovered in the Online Shop Store version 1.0, specifically in the /signup.php file. This security flaw arises when the 'm2' argument is manipulated with a malicious payload, allowing the execution of arbitrary JavaScript code. This could potentially lead to sensitive information exposure via cookies, as the attack can be executed remotely. The exploit has already been made public, increasing the urgency for users of this application to take appropriate security measures.

References

https://vuldb.com/?id.284679
https://vuldb.com/?ctiid.284679
https://vuldb.com/?submit.442075

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

.
CVE-2024-11243 : Cross-Site Scripting Vulnerability in Online Shop Store by Code Projects | SecurityVulnerability.io