Ecommerce-Website Project: >> Ecommerce-Website >> 1.0 Security Vulnerabilities
A cross-site scripting (XSS) vulnerability in the component /signup_script.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-12-05
Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVSS Score
9.8
EPSS Score
0.032
Published
2022-04-08