XSS Vulnerability in SourceCodester Online Jewelry Store 1.0 (CVE-2023-2864)

Vulnerability Key Information VDB ID: VDB-229820 CVE ID: CVE-2023-2864 GCVE ID: GCVE-100-229820 CVSS Meta Temp Score: 4.3 Current Exploit Price: $0-$5k CTI Interest Score: 0.00 Vulnerability Overview Application with Vulnerability Found: SourceCodester Online Jewelry Store 1.0 Affected File: customer.php Affected Component: POST Parameter Handler Vulnerability Details: When the parameter is manipulated with unknown input, it leads to a Cross-Site Scripting (XSS) vulnerability CVE Reference Number: CVE-2023-2864 Remote Attack Capability: Attack can be initiated remotely Available Exploit: Known exploit exists Vulnerability Details Exact Location of Vulnerability Found: Involves an unknown section of the file Component Affected: POST Parameter Handler Specific Issue: Unknown input in the parameter triggers a Cross-Site Scripting (XSS) vulnerability CWE ID: CWE-79 Root Cause: The product fails to properly neutralize or improperly neutralizes user-controllable input before using it as part of a web page and providing it to other users, resulting in compromised integrity Disclosure Date: July 24, 2023 Advisory Download Link: github.com Vulnerability Identifier: CVE-2023-2864 Interaction Requirement: Attack requires victim interaction Details and Public Exploit: Known technical details and public exploits available MITRE ATT&CK: Exploit technique declared as T1059.007

Goal Reached Thanks to every supporter — we hit 100%!

XSS Vulnerability in SourceCodester Online Jewelry Store 1.0 (CVE-2023-2864)