exploitDog

GHSA-65vp-436r-q4g3

Опубликовано: 11 апр. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows session hijacking, leading to partial access of a customer's account by an attacker, due to an improper check of the user agent.

OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows session hijacking, leading to partial access of a customer's account by an attacker, due to an improper check of the user agent.

Ссылки

EPSS

Процентиль: 60%

0.00403

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-384

Связанные уязвимости

CVE-2023-26260

CVSS3: 5.4

nvd

почти 3 года назад

OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows session hijacking, leading to partial access of a customer's account by an attacker, due to an improper check of the user agent.

EPSS

Процентиль: 60%

0.00403

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-384