In Simple Online Book Store System 1.0 in /admin_book.php the Title, Author, and Description parameters are vulnerable to Cross Site Scripting(XSS).
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Link | Tags |
---|---|
https://github.com/anx0ing/CVE_demo/blob/main/2022/Simple%20Online%20Book%20Store-XSS.md | third party advisory exploit |