cve/2023/CVE-2023-7149.md

### [CVE-2023-7149](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7149)
![](https://img.shields.io/static/v1?label=Product&message=QR%20Code%20Generator&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)

### Description

A vulnerability was found in code-projects QR Code Generator 1.0. It has been classified as problematic. This affects an unknown part of the file /download.php?file=author.png. The manipulation of the argument file with the input "><iMg src=N onerror=alert(document.domain)> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249153 was assigned to this vulnerability.

### POC

#### Reference
- https://github.com/h4md153v63n/CVEs/blob/main/QR_Code_Generator/QR_Code_Generator-Reflected_Cross_Site_Scripting.md

#### Github
- https://github.com/h4md153v63n/CVEs
- https://github.com/h4md153v63n/h4md153v63n