CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Multiple Stored XSS Vulnerabilities in the Source Code of iOrder 1.0 allow remote attackers to execute arbitrary code via signup form in the Name and Phone number field.

![Nithissh](https://miro.medium.com/fit/c/56/56/0*E0KoSsObMK-GZC5t)

**Multiple XSS Vulnerabilities exists in the iOrder**

Discovered by **Nithissh S**

**Vulnerable Version: 1.0**

**Vendor Homepage:**

**Bug Description:**

Multiple Stored XSS Vulnerability in the Source Code of iOrder 1.0 allows remote attacker to execute arbitrary code via signup form in the Name and Phone number field.

**Steps to Produce:**

1.  First of all we will have a look into the Source code

![](https://miro.medium.com/max/1400/1*r4JDmevOWfQnHg7RlhIK3w.png)

add customer source code

2\. So , as you can see the input fields weren’t properly sanitized

3\. So lets register for customer account and replace input field such that Name and Phone number with XSS payload as a example below

![](https://miro.medium.com/max/1400/1*D7bFJxQZc0a-079OEhuMnw.png)

Signup form

4\. After the Successful registration , XSS will triggered before and after the authentication

Headline

CVE-2021-43440: CVE-2021–43440 - Nithissh - Medium

CVE: Latest News