CVE-2023-2216 LOW

CVE-2023-2216: Campcodes Coffee Shop POS System Users.php cross site scripting

Vendor Campcodes
Product Coffee Shop POS System
Weakness CWE-79 · XSS
Published April 21, 2023
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability classified as problematic was found in Campcodes Coffee Shop POS System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php. The manipulation of the argument firstname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226981 was assigned to this vulnerability.

Key dates

02Disclosure timeline

April 21, 2023 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-2382 FPW Category Thumbnails <= 1.9.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'id' Parameter CVE-2024-50537 WordPress Smart Mockups plugin <= 1.2.0 - Stored Cross Site Scripting (XSS) vulnerability CVE-2023-27452 WordPress Button Generator – easily Button Builder Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS) CVE-2026-45467 Microsoft SharePoint Server Spoofing Vulnerability CVE-2022-3139 We’re Open! < 1.42 - Admin+ Stored Cross-Site Scripting