Platform
php
Component
code-projects-online-shoe-store
Fixed in
1.0.1
CVE-2026-5836 describes a cross-site scripting (XSS) vulnerability discovered in Online Shoe Store, version 1.0. This flaw allows attackers to inject malicious scripts into the application, potentially compromising user accounts and data. The vulnerability resides within the /admin/admin_product.php file and is triggered by manipulating the product_name parameter. A fix is available; upgrading to a patched version is crucial.
Successful exploitation of CVE-2026-5836 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session on the Online Shoe Store application. This can lead to various malicious outcomes, including session hijacking, credential theft (e.g., stealing administrator login details), and defacement of the website. The attacker could potentially redirect users to phishing sites or inject malware. Given the administrative context of /admin/admin_product.php, a successful attack could grant the attacker control over product management and potentially other administrative functions.
CVE-2026-5836 has been publicly disclosed. While no active exploitation campaigns have been definitively linked to this specific vulnerability, the public availability of the vulnerability increases the risk of exploitation. The CVSS score of 2.4 indicates a low severity, but the potential impact on sensitive data and administrative functions warrants prompt remediation. No KEV listing is currently available.
Administrators of Online Shoe Store installations, particularly those using version 1.0.0–1.0, are at risk. Shared hosting environments where multiple users share the same server instance are also at increased risk, as a compromise of one user's account could potentially lead to the compromise of others.
• php / server:
  grep -r "admin_product.php" /var/www/html/
• generic web:
  curl -I "http://your-online-shoe-store.com/admin/admin_product.php?product_name=<script>alert('XSS')</script>"
• generic web:
  grep -A 10 "admin_product.php" /var/log/apache2/access.log
disclosure
Exploit status
EPSS
0.03% (9th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-5836 is to upgrade to a patched version of Online Shoe Store. If upgrading immediately is not possible, consider implementing input validation and sanitization on the product_name parameter within the /admin/admin_product.php file. Specifically, implement strict whitelisting of allowed characters and escape any potentially malicious characters before rendering the input in the HTML output. Web application firewalls (WAFs) configured to detect and block XSS payloads can provide an additional layer of defense. After upgrading, verify the fix by attempting to inject a simple XSS payload (e.g., <script>alert('XSS')</script>) into the product_name field and confirming that the script is not executed.
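As an added example (not code from the Online Shoe Store project), the validate-then-escape pattern the mitigation above describes, applied to the product_name parameter; the function names and the sample requests are assumptions constructed for illustration:

```php
<?php
declare(strict_types=1);

// Allow-list validation for product_name: letters, digits, spaces and a few
// punctuation marks; anything else (including < > " ' &) is rejected.
function validate_product_name(string $name): ?string
{
    $name = trim($name);
    if ($name === '' || mb_strlen($name) > 100) {
        return null;
    }
    return preg_match('/^[\p{L}\p{N} .,\-()\/]+$/u', $name) === 1 ? $name : null;
}

// Context-aware escaping for HTML text and attribute values.
function esc_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Vulnerable pattern: the raw parameter is reflected into the markup.
function render_vulnerable(array $request): string
{
    return '<input name="product_name" value="' . ($request['product_name'] ?? '') . '">';
}

// Hardened pattern: validate on input, escape at the point of output.
function render_hardened(array $request): string
{
    $name = validate_product_name((string) ($request['product_name'] ?? ''));
    if ($name === null) {
        return '<p class="error">Invalid product name.</p>';
    }
    return '<input name="product_name" value="' . esc_html($name) . '">';
}

// Constructed sample requests (not captured traffic), using the advisory's test payload.
$payload = ['product_name' => "<script>alert('XSS')</script>"];
echo render_vulnerable($payload), "\n";                                     // script tag survives
echo render_hardened($payload), "\n";                                       // rejected by the allow-list
echo render_hardened(['product_name' => 'Trail Runner 2.0 (Blue)']), "\n";  // accepted and escaped
```

Escaping at the output point is the part that must not be skipped: the allow-list narrows what reaches the template, but htmlspecialchars() is what keeps a value safe inside the attribute regardless of how validation evolves.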
Update the Online Shoe Store plugin to the latest available version, since this XSS vulnerability in the admin_product.php file allows malicious code to be executed. Review the plugin's source code and apply security patches where necessary. Implement input validation and escaping measures to prevent future XSS attacks.
CVE-2026-5836 is a cross-site scripting (XSS) vulnerability affecting Online Shoe Store versions 1.0.0–1.0, allowing attackers to inject malicious scripts via the /admin/admin_product.php file.
You are affected if you are using Online Shoe Store version 1.0.0–1.0 and have not upgraded to a patched version. Check your installed version and apply the necessary updates.
The recommended fix is to upgrade to a patched version of Online Shoe Store. If immediate upgrade is not possible, implement input validation and sanitization on the product_name parameter.
While no confirmed active exploitation campaigns have been linked to this specific vulnerability, its public disclosure increases the risk of exploitation.
Please refer to the Online Shoe Store official website or security channels for the advisory related to CVE-2026-5836.