There is no filtering or escaping of user input.
Fully trust the queried database data and output it directly.
Access the URL to add product information,and enter an XSS attack payload as the product name.
Inquire about product information.
Trigger XSS attack.

There is no filtering or escaping of user input.
Fully trust the queried database data and output it directly.
Access the URL to add product information,and enter an XSS attack payload as the product name.
Inquire about product information.
Trigger XSS attack.