CVE-2023-1857

CWE-79 — Cross-site Scripting (XSS)CWE-416 — Use After Free4 documents4 sources

Severity

6.1MEDIUM

EPSS

0.3%

top 45.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Online Computer AND Laptop Store Oretnom23 Online Computer AND Laptop Store

Timeline

PublishedApr 5

Latest updateSep 4

Description

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/?page=product/manage_product&id=2. The manipulation of the argument Product Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224996.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:NExploitability: 0.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sourcecodester/online_computer_and_laptop_store1.0

▶NVDoretnom23/online_computer_and_laptop_store1.0

🔴Vulnerability Details

CVEList

SourceCodester Online Computer and Laptop Store cross site scripting↗2023-04-05

▶

GHSA

GHSA-9j8q-r68h-7xw4: A vulnerability was found in SourceCodester Online Computer and Laptop Store 1↗2023-04-05

▶

📋Vendor Advisories

Red Hat

vim: use-after-free in function bt_quickfix↗2023-09-04

▶