CVE-2026-7294

· NIST NVD ↗

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save_settings of the file /admin/index.php?page=save_settings. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used.

LOW
CVSS severity
2.4
CVSS base score
2026-04-28
Published

CWE codes

CWE-79CWE-94

Sources