PT-2022-26324 · Unknown · Merchandise Online Store
Published: 2022-10-11 · Updated: 2022-10-11
CVE-2022-42236
CVSS v3.1
5.4 Medium
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Merchandise Online Store version 1.0
Description
A Stored XSS issue allows the injection of arbitrary JavaScript in the edit account form.
Recommendations
For version 1.0, update the edit account form to properly sanitize user input and prevent the injection of malicious JavaScript code. As a temporary workaround, consider disabling the edit account feature until a patch is available.
Exploit
Fix
XSS
Affected Products
Merchandise Online Store