CHT Security SOC Discovered a Vulnerability in Online Pizza Ordering System

Summary

Vulnerability List

[CVE-2023-37150] – XSS



Details

1. XSS

Description

A foreign open-source online pizza ordering system contains a cross-site scripting (XSS) vulnerability (CVE-2023-37150), which can be triggered by entering XSS syntax in a categories item on the administrator page.

Impact

The platform has a Category Form on the ../admin/index.php?page=categories page, which can be filled in with XSS syntax.

Known Affected Software

  • Version 1.0

Credits

  • Noflag (CHT Security)