CVE-2024-50969

Description

A Reflected cross-site scripting (XSS) vulnerability in browse.php of Code-projects Jonnys Liquor 1.0 allows remote attackers to inject arbitrary web scripts or HTML via the search parameter.

Vulnerability Type

Cross Site Scripting (XSS)

Vendor of Product

Code-projects

Affected Product Code Base:

https://code-projects.org/jonnys-liquor-in-php-css-javascript-and-mysql-free-download/ - 1.0

Affected Component:

browse.php

Attack Vectors:

Set up the application locally
Navigate to the following URL in your web browser: http://localhost/jonnysLiquor-master/
In the search input field of the application, enter the following payload: "><script>alert(1)</script>
After submitting the input, the script executes in the browser, confirming the reflected XSS vulnerability.

Reference:

https://code-projects.org/jonnys-liquor-in-php-css-javascript-and-mysql-free-download/
https://owasp.org/www-community/attacks/xss/
https://portswigger.net/web-security/cross-site-scripting/reflected

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

CVE-2024-50969

Description

Vulnerability Type

Vendor of Product

Affected Product Code Base:

Affected Component:

Attack Vectors:

Reference:

Files

README.md

Latest commit

History

README.md

File metadata and controls

CVE-2024-50969

Description

Vulnerability Type

Vendor of Product

Affected Product Code Base:

Affected Component:

Attack Vectors:

Reference: