CVE-2021-47897

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions PEEL Shopping version 9.3.0

Description The software contains a stored cross-site scripting issue in the address parameter of the ''change params.php'' script. Attackers can inject malicious JavaScript payloads that execute when users interact with the address text box, potentially enabling client-side script execution. The vulnerable parameter is address.

Recommendations Apply updates to address the issue in the ''change params.php'' script. As a temporary workaround, sanitize user input for the address parameter to prevent the injection of malicious scripts.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-47897

Affected Products

Peel Shopping

CVE-2021-47897

Weakness Enumeration

Related Identifiers

Affected Products

References · 6