CVE-2023-7108

A vulnerability classified as problematic has been found in code-projects E-Commerce Website 1.0. This affects an unknown part of the file user_signup.php. The manipulation of the argument firstname with the input <video/src=x onerror=alert(document.domain)> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249003.
Configurations

Configuration 1 (hide)

cpe:2.3:a:fabianros:e-commerce_website:1.0:*:*:*:*:*:*:*

History

06 Dec 2024, 19:52

Type Values Removed Values Added
First Time Fabianros
Fabianros e-commerce Website
References () https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20Stored%20Cross-site%20Scripting.md - () https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20Stored%20Cross-site%20Scripting.md - Exploit
References () https://vuldb.com/?ctiid.249003 - () https://vuldb.com/?ctiid.249003 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.249003 - () https://vuldb.com/?id.249003 - Third Party Advisory, VDB Entry
CPE cpe:2.3:a:fabianros:e-commerce_website:1.0:*:*:*:*:*:*:*

21 Nov 2024, 08:45

Type Values Removed Values Added
References () https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20Stored%20Cross-site%20Scripting.md - () https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20Stored%20Cross-site%20Scripting.md -
References () https://vuldb.com/?ctiid.249003 - () https://vuldb.com/?ctiid.249003 -
References () https://vuldb.com/?id.249003 - () https://vuldb.com/?id.249003 -

21 Mar 2024, 02:50

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad ha sido encontrada en code-projects E-Commerce Website 1.0 y clasificada como problemática. Esto afecta a una parte desconocida del archivo user_signup.php. La manipulación del argumento nombre con la entrada conduce a Cross-Site Scripting. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-249003.

29 Feb 2024, 01:42

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-29 01:42

Updated : 2024-12-06 19:52


NVD link : CVE-2023-7108

Mitre link : CVE-2023-7108

CVE.ORG link : CVE-2023-7108


JSON object : View

Products Affected

fabianros

  • e-commerce_website
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')