exploitDog

GHSA-9ghv-qpxv-wccq

Опубликовано: 15 янв. 2026

Источник: github

Github: Не прошло ревью

CVSS4: 5.1

CVSS3: 7.2

Описание

Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent phishing attacks.

Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent phishing attacks.

Ссылки

EPSS

Процентиль: 1%

0.00009

Низкий

5.1 Medium

CVSS4

7.2 High

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-47769

CVSS3: 4.8

nvd

24 дня назад

Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent phishing attacks.

EPSS

Процентиль: 1%

0.00009

Низкий

5.1 Medium

CVSS4

7.2 High

CVSS3

CVE ID

Дефекты

CWE-79