CVE-2023-1359

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

4.8MEDIUM

EPSS

0.3%

top 46.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Gadget Works Online Ordering System Gadget Works Online Ordering System Project Gadget Works Online Ordering System

Timeline

PublishedMar 12

Description

A vulnerability has been found in SourceCodester Gadget Works Online Ordering System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /philosophy/admin/user/controller.php?action=add of the component Add New User. The manipulation of the argument U_NAME leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222862 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:NExploitability: 0.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sourcecodester/gadget_works_online_ordering_system1.0

▶NVDgadget_works_online_ordering_system_project/gadget_works_online_ordering_system1.0

🔴Vulnerability Details

GHSA

GHSA-7gcx-83mm-qfhq: A vulnerability has been found in SourceCodester Gadget Works Online Ordering System 1↗2023-03-12

▶

CVEList

SourceCodester Gadget Works Online Ordering System Add New User cross site scripting↗2023-03-12

▶