PT-2012-2163 · Joomlaboard+1 · Jbshop Plugin+1
Published
2012-09-20
·
Updated
2012-12-20
·
CVE-2011-5186
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
e107 version 7
Description
A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the
item id parameter in the jbShop plugin.Recommendations
For version 7, update the jbShop plugin to a version that fixes this issue, ensuring the
item id parameter is properly sanitized to prevent code injection.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
E107
Jbshop Plugin