Kurniaramadhan E-Commerce-PHP Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Kurniaramadhan E-Commerce-PHP version 1.0. The issue arises in the Create Product Page, specifically within the file '/admin/create_product.php'. The vulnerability allows for the injection of malicious JavaScript into the application, which could be executed in the context of the user's browser. This XSS vulnerability can be exploited remotely.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject and execute malicious scripts in the context of the user's browser.

Reproduction

The vulnerability can be reproduced by logging into the admin panel, which can be accessed by exploiting a SQL injection vulnerability to retrieve admin credentials. After logging in, navigate to the 'Create Product' page and enter a script payload, such as an alert script, into the product name field. Once the product is created, the injected script will be executed.