CVE-2023-7124 | code-projects E-Commerce Site 1.0 search.php keyword cross site scripting

Inserito da Angelo Barbosa | Dic 27, 2023 | CVE

A vulnerability, which was classified as problematic, was found in code-projects E-Commerce Site 1.0. Affected is an unknown function of the file search.php. The manipulation of the argument keyword with the input <video/src=x onerror=alert(document.cookie)> leads to cross site scripting.

This vulnerability is traded as CVE-2023-7124. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

CVE-2023-7124 | code-projects E-Commerce Site 1.0 search.php keyword cross site scripting

Post correlati

CVE-2023-42853 | Apple macOS prior 12.7/13.6/14.1 App access control

CVE-2023-7242 | CISA Ethercat Zeek Plugin Packet Analyzer out-of-bounds (icsa-24-051-02)

CVE-2024-35187 | Stalwart Mail Server up to 0.7.x Web Interface authorization (GHSA-rwp5-f854-ppg6)

CVE-2024-32726 | vinoth06 Frontend Dashboard Plugin up to 2.2.2 on WordPress information disclosure