CVE-2019-8290

Description

Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included and an XSS payload to be injected.

Affected products

• abcprintf / Online Storeunspecified – 1.0

References

• MISChttp://www.vapidlabs.com/advisory.php?v=210
• MISChttps://www.abcprintf.com/view_download.php?id=17
• MAILING_LISThttp://www.openwall.com/lists/oss-security/2019/10/02/1