CVE-2019-8290

Summary

Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included and an XSS payload to be injected.

Affected Software

VendorProductVersion RangeStatus
abcprintfOnline Storeunspecified <= 1.0affected

Weaknesses

  • User input not sanitized in sent_register.php.

ADP Enrichment

CVE Program Container

Additional References

References