CVE Catalog

CVE-2023-3681

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.50%

39th percentile — higher than 39% of all known CVEs

Summary

A vulnerability was found in Campcodes Retro Cellphone Online Store 1.0 that allows cross site scripting (XSS) attacks through manipulation of the 'description' argument in the /admin/modal_add_product.php file. The attack can be initiated remotely.

Risk Assessment

This vulnerability may lead to user data theft and session hijacking, posing a serious threat to the application's security and its users.

Recommendation

It is recommended to immediately update the application to the latest version and implement proper input sanitization filters to prevent XSS attacks.

Original NVD description (English source)

A vulnerability classified as problematic was found in Campcodes Retro Cellphone Online Store 1.0. This vulnerability affects unknown code of the file /admin/modal_add_product.php. The manipulation of the argument description leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-234226 is the identifier assigned to this vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS