A vulnerability classified as problematic has been found in code-projects Online Shop Store 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument m2 with the input <svg%20onload=alert(document.cookie)> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
History

Tue, 10 Dec 2024 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Code-projects online Shop Store
CPEs cpe:2.3:a:code-projects:online_shop_store:1.0:*:*:*:*:*:*:*
Vendors & Products Code-projects online Shop Store

Fri, 15 Nov 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Code-projects
Code-projects online Shop Stores
CPEs cpe:2.3:a:code-projects:online_shop_stores:*:*:*:*:*:*:*:*
Vendors & Products Code-projects
Code-projects online Shop Stores
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 15 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
Description A vulnerability classified as problematic has been found in code-projects Online Shop Store 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument m2 with the input <svg%20onload=alert(document.cookie)> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Title code-projects Online Shop Store signup.php cross site scripting
Weaknesses CWE-79
CWE-94
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-11-15T15:00:09.181Z

Updated: 2024-11-15T18:59:49.052Z

Reserved: 2024-11-15T07:25:33.726Z

Link: CVE-2024-11243

cve-icon Vulnrichment

Updated: 2024-11-15T18:58:27.046Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-15T15:15:06.557

Modified: 2024-12-10T17:29:05.970

Link: CVE-2024-11243

cve-icon Redhat

No data.