Nixon-H/PHP-Stored-XSS-Bypass-Real-Escape

A high-severity (CVSS 7.6) stored XSS vulnerability. The application relies on mysqli_real_escape_string for input sanitization; that function escapes only the characters that are special inside a SQL string literal, so it does nothing to stop HTML injection. An attacker can place script in product fields that is later rendered in an administrator's browser, allowing session cookie theft and account takeover.

CVE History

CVE       Published   CVSS v3   CVSS v2
                      3.5 LOW   4 MEDIUM

A weakness has been identified in detronetdip E-commerce 1.0.0. It affects the function get_safe_value in the file utility/function.php. Manipulating its input leads to cross-site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
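As an added illustration (not code from the Nixon-H repository or from the detronetdip project), the PHP below models the mistake the description and the advisory describe: get_safe_value_vulnerable is a hypothetical stand-in for a sanitizer built on SQL escaping, addslashes() stands in for mysqli_real_escape_string() so the script runs without a database link, and html_encode() shows the output-context encoding that actually prevents the injection.

```php
<?php
// Added example, not the project's code. It models the flaw described above:
// escaping a value for a SQL string literal does nothing for HTML output.

// Stand-in for mysqli_real_escape_string(), which requires a live DB link.
// Both functions escape quotes, backslashes and NUL; neither touches
// '<', '>' or '&', which is the whole problem.
function sql_escape_model(string $value): string
{
    return addslashes($value);
}

// Hypothetical sanitizer in the style the advisory describes: SQL escaping
// applied as if it were a general-purpose "safe value" filter.
function get_safe_value_vulnerable(string $value): string
{
    return sql_escape_model($value);
}

// Defensive version: encode for the context the data is rendered in.
// ENT_QUOTES covers single and double quotes (attribute contexts),
// ENT_SUBSTITUTE keeps invalid UTF-8 from silently truncating output.
function html_encode(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Regression check a reviewer can keep: does any raw tag survive?
function contains_raw_tag(string $html): bool
{
    return (bool) preg_match('/<\s*\/?\s*[a-z][^>]*>/i', $html);
}

// Constructed sample: a product name carrying markup.
$productName = "Mug <script>alert('stored')</script>";

// Slashes appear before the quotes, but the <script> tag survives intact and
// runs as soon as an admin page echoes the stored value.
$storedVulnerable = get_safe_value_vulnerable($productName);
echo "vulnerable: <td>$storedVulnerable</td>\n";
var_dump(contains_raw_tag($storedVulnerable));

// Correct handling: store the original value (use a prepared statement for
// the DB write) and encode at output time.
$rendered = html_encode($productName);
echo "hardened:   <td>$rendered</td>\n";
var_dump(contains_raw_tag($rendered));
```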