Description
Multiple Stored XSS Vulnerabilities in the Source Code of iOrder 1.0 allow remote attackers to execute arbitrary code via signup form in the Name and Phone number field.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://github.com/MartDevelopers-Inc/Order_Processing_MIS
Various Sources x_refsource_misc
https://medium.com/%40mayhem7999/cve-2021-43439-d04781bca6ce
Scores
CVSS v3
6.1
EPSS
0.0055
EPSS Percentile
68.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
iorder_project/iorder
1.0
Published
Dec 20, 2021
Tracked Since
Feb 18, 2026