PT-2018-9603 · Peel · Peel Shopping

Carlcj · Published 2018-12-27 · Updated 2021-02-22 · CVE-2018-1000887

CVSS v3.1: 4.8 Medium

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: peel-shopping 9 1 0 version
Description: The issue allows an authenticated user to inject JavaScript code in the Site Name EN parameter, resulting in a Cross-Site Scripting (XSS) issue. This can be exploited if the malicious user has access to the administration account.
Recommendations: For peel-shopping 9 1 0 version, avoid using the Site Name EN parameter until the issue is resolved. As a temporary workaround, consider restricting access to the administration account to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2018-1000887

Affected Products

Peel Shopping