CVE-2023-27776

CVSS V2 None CVSS V3 None

Description

A stored cross-site scripting (XSS) vulnerability in /index.php?page=category_list of Online Jewelry Shop v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter.

Overview

CVE ID
CVE-2023-27776

Assigner
cve@mitre.org

Vulnerability Status
Undergoing Analysis

Published Version
2023-04-19T12:15:08

Last Modified Date
2023-04-19T12:39:28

References

Reference URL	Reference Tags
https://github.com/lohyt/Persistent-Cross-Site-Scripting-found-in-Online-Jewellery-Store-from-Sourcecodester-website.
https://github.com/lohyt/Persistent-Cross-Site-Scripting-found-in-Online-Jewellery-Store-from-Sourcecodester-website./blob/main/README.md

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-27776
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27776

History

Created	Old Value	New Value	Data Type	Notes
2023-04-19 13:01:30				Added to TrackCVE
2023-04-25 13:01:20	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated