Cross Site Scripting Vulnerability Discovered in SourceCodester's Online Food Ordering System
CVE-2024-8604

6.1MEDIUM

Key Information:

Vendor
Sourcecodester
Status
Online Food Ordering System
Vendor
CVE Published:
9 September 2024

Summary

A cross site scripting vulnerability exists in the SourceCodester Online Food Ordering System, specifically within the Create an Account Page accessed through index.php. This issue arises due to inadequate validation of user inputs, particularly the 'First Name' and 'Last Name' fields. Malicious actors can exploit this vulnerability remotely, allowing for scripting attacks that may compromise user sessions and execute unauthorized commands in the context of other users. Ensuring proper input sanitization practices is crucial to mitigate this risk and enhance overall application security.

Affected Version(s)

Online Food Ordering System 2.0

References

https://vuldb.com/?id.276831
vdb-entrytechnical-description
https://vuldb.com/?ctiid.276831
signaturepermissions-required
https://vuldb.com/?submit.404660
third-party-advisory

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

knoxpro (VulDB User)
.