Stored XSS Vulnerability in Online Jewelry Shop v1.0 Allows Arbitrary Code Execution via Category Name Parameter

Stored XSS Vulnerability in Online Jewelry Shop v1.0 Allows Arbitrary Code Execution via Category Name Parameter

CVE-2023-27776 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

A stored cross-site scripting (XSS) vulnerability in /index.php?page=category_list of Online Jewelry Shop v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter.

Learn more about our Web App Pen Testing.