PT-2013-5866 · Oxid · Oxid Eshop

Publicado

2013-10-15

Atualizado

2018-03-22

CVE-2013-5913

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions OXID eShop versions prior to 4.6.7 OXID eShop Professional and Community Edition versions prior to 4.7.8 OXID eShop Enterprise Edition versions prior to 5.0.8

Description The issue is related to a cross-site scripting (XSS) vulnerability in the getRecommSearch function in recommlist.php. This allows remote attackers to inject arbitrary web script or HTML via the searchrecomm parameter.

Recommendations For OXID eShop versions prior to 4.6.7, update to version 4.6.7 or later. For OXID eShop Professional and Community Edition versions prior to 4.7.8, update to version 4.7.8 or later. For OXID eShop Enterprise Edition versions prior to 5.0.8, update to version 5.0.8 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2013-5913

Produtos afetados

Oxid Eshop

PT-2013-5866 · Oxid · Oxid Eshop

CVE-2013-5913

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7