CVE-2021-47892

Name of the Vulnerable Software and Affected Versions PEEL Shopping version 9.3.0

Description PEEL Shopping 9.3.0 has a stored cross-site scripting issue in the 'Comments / Special Instructions' parameter of the purchase page. An attacker can inject malicious JavaScript payloads that execute when the page is refreshed, potentially allowing client-side script execution. The vulnerable parameter is Comments / Special Instructions. The affected API endpoint is the purchase page.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.