PT-2022-15929 · Xmpie · Xmpie Ustore
Matt Schmidt
+1
·
Published
2022-02-10
·
Updated
2022-09-30
·
CVE-2022-23321
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
XMPie UStore version 12.3.7244.0
Description
A persistent cross-site scripting (XSS) issue exists in the administrative panel when editing users, specifically affecting two input fields.
Recommendations
For version 12.3.7244.0, consider temporarily disabling the editing functionality for users in the administrative panel until a patch is available. Restrict access to the administrative panel to minimize the risk of exploitation.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Xmpie Ustore