CVE-2021-43141
Vendor
Description:
A Cross-Site Scripting (XSS) vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the id parameter in plan_application and users_application. An attacker can use a SQL injection authentication bypass to log in to the system's admin account, then abuse that account with stored XSS, and then use remote requests to hijack the PHPSESSID and exploit this account and the users in it through the same stored XSS. Conclusion: The status of this system is CRITICAL and awful, and its distribution must be stopped immediately!
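
The three weaknesses described above (unvalidated id parameter, injectable login query, script-readable PHPSESSID) each have a standard fix; the following is an added example of those fixes, not code from Simple Subscription Website or its vendor. The function names, the `users` table and its `password_hash` column are hypothetical, and the code assumes PHP 8 with PDO and a site served over HTTPS.

```php
<?php
// Added example with hypothetical names; not code from Simple Subscription Website.
declare(strict_types=1);

// Keep PHPSESSID unreadable to injected script. Call before any output.
function start_hardened_session(): void {
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Strict']);
    session_start();
}

// The id parameter must be a positive integer; anything else is rejected.
function parse_id(mixed $raw): ?int {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Encode stored values at output time so stored markup renders as inert text.
function e(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Login with bound parameters: input cannot change the structure of the query.
function authenticate(PDO $db, string $username, string $password): ?int {
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // issue a new session id after login
    }
    return (int) $row['id'];
}

// Constructed demo data; runs from the CLI with the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)');
$db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
   ->execute(['admin', password_hash('constructed-password', PASSWORD_DEFAULT)]);

var_dump(authenticate($db, "admin'", 'x'));                   // quote is bound as data
var_dump(authenticate($db, 'admin', 'constructed-password')); // valid credentials
var_dump(parse_id('7'), parse_id('7<b>'));                    // non-integer id rejected
echo e('<b>plan name</b>'), "\n";                             // encoded on output
```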

