RafyMrX TOKO-ONLINE-ROTI Cross-Site Scripting Vulnerability
Vulnerability
A reflected Cross-Site Scripting (XSS) vulnerability exists in RafyMrX TOKO-ONLINE-ROTI version 1.0. The issue arises in the detail_produk.php component, specifically within the produk parameter. This vulnerability allows remote attackers to inject arbitrary JavaScript, which is then executed in the context of the victim's browser.
Impact
Exploitation of this vulnerability allows for the execution of injected JavaScript in the victim's browser, which could lead to session hijacking, unauthorized actions in the context of the user's session, or disclosure of sensitive information.
Reproduction
To reproduce this vulnerability, send a request to the detail_produk.php component with a crafted produk parameter that includes a script tag. The injected script will be reflected in the response and executed by the browser.
Remediation
Users are advised to validate and encode user-supplied input before reflecting it in HTML output. Applying context-aware output encoding (for example, HTML entity encoding of the produk value at the point where it is written into the page) ensures the reflected value is rendered as text rather than parsed as markup or script.
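The following is an added example written for this advisory; it is not code from the TOKO-ONLINE-ROTI project. It assumes a product-detail page that reads the produk query parameter and reflects it into HTML, and shows the vulnerable echo pattern next to a hardened version that applies one encoder per output context (HTML text, HTML attribute, JavaScript string). The function names h, js, render_product_vulnerable and render_product_safe are illustrative, not names from the project.

```php
<?php
// Added example for the advisory above; not code from the TOKO-ONLINE-ROTI project.
// Assumed: the page receives a product name in the "produk" query parameter
// and writes it into the HTML response.

declare(strict_types=1);

/**
 * Encode a value for an HTML text node or a double-quoted HTML attribute.
 * ENT_QUOTES encodes both ' and ", ENT_SUBSTITUTE replaces invalid UTF-8
 * sequences instead of returning an empty string, and ENT_HTML5 selects the
 * HTML5 entity table. The explicit charset keeps the encoder and the
 * Content-Type header in agreement.
 */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Encode a value as a JavaScript string literal for use inside a <script>
 * element. The JSON_HEX_* flags hex-escape < > & ' " so the literal can
 * never close the script element or break out of the string.
 */
function js(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_UNESCAPED_UNICODE
    );
}

/**
 * Vulnerable pattern: the parameter is concatenated into the page verbatim,
 * so any markup it contains becomes part of the document.
 */
function render_product_vulnerable(string $produk): string
{
    return '<h1>Produk: ' . $produk . '</h1>';
}

/**
 * Hardened pattern: the same value is reflected in three contexts, each with
 * the encoder that is correct for that context.
 */
function render_product_safe(string $produk): string
{
    $html  = '<h1>Produk: ' . h($produk) . "</h1>\n";
    $html .= '<input type="text" name="produk" value="' . h($produk) . "\">\n";
    $html .= '<script>var produk = ' . js($produk) . ";</script>\n";
    return $html;
}

// Constructed sample input containing markup characters; used when the script
// is run from the command line, where $_GET is empty.
$produk = $_GET['produk'] ?? '<b>roti "manis"</b>';

// Declaring the charset in the response header prevents the browser from
// guessing an encoding that differs from the one the encoder assumed.
header('Content-Type: text/html; charset=UTF-8');

echo render_product_safe($produk);
```

With the constructed input, render_product_safe emits `&lt;b&gt;roti &quot;manis&quot;&lt;/b&gt;` in the heading and attribute, and `"\u003Cb\u003Eroti \u0022manis\u0022\u003C\/b\u003E"` inside the script, so the browser displays the product name as text in every context. Validating the produk value against the expected format (for example, a numeric product id) before the database lookup is a useful additional check, but output encoding is the control that stops reflected script execution, and it must be applied at every point where the value is written into the response.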
