Cross Site Scripting Vulnerability Discovered in SourceCodester's Online Food Ordering System
CVE-2024-8604
6.1MEDIUM
Key Information:
- Vendor
Sourcecodester
- Vendor
- CVE Published:
- 9 September 2024
What is CVE-2024-8604?
A cross site scripting vulnerability exists in the SourceCodester Online Food Ordering System, specifically within the Create an Account Page accessed through index.php. This issue arises due to inadequate validation of user inputs, particularly the 'First Name' and 'Last Name' fields. Malicious actors can exploit this vulnerability remotely, allowing for scripting attacks that may compromise user sessions and execute unauthorized commands in the context of other users. Ensuring proper input sanitization practices is crucial to mitigate this risk and enhance overall application security.
Affected Version(s)
Online Food Ordering System 2.0