PT-2021-17855 · Aimeos · Aimeos

Torben Hansen · Published 2021-03-16 · Updated 2022-05-24 · CVE-2021-28380

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: aimeos versions prior to 19.10.12; aimeos versions 20.x prior to 20.10.5
Description: The issue allows Cross-site Scripting (XSS) via a backend user account. This can be exploited to execute malicious scripts in the context of the affected application.
Recommendations: For versions prior to 19.10.12, update to version 19.10.12 or later. For versions 20.x prior to 20.10.5, update to version 20.10.5 or later.

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2021-28380
GHSA-73WV-RGJ7-VJJ9

Affected Products

Aimeos