CVE-2020-6579

Name of the Vulnerable Software and Affected Versions MailBeez plugin for ZenCart versions prior to 3.9.22

Description The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the cloudloader mode parameter in the mailhive/cloudbeez/cloudloader.php and mailhive/cloudbeez/cloudloader core.php files.

Recommendations For MailBeez plugin for ZenCart versions prior to 3.9.22, update to version 3.9.22 or later to resolve the issue. As a temporary workaround, consider restricting access to the cloudloader mode parameter in the affected API endpoints until a patch is available.