Описание
Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore allow remote attackers to inject arbitrary web script or HTML via the (1) sEmail parameter to owContactUs.asp, (2) bSub parameter to owListProduct.asp, or the (3) Name, (4) Email, or (5) Comment fields in owProductDetail.asp.
Ссылки
- PatchVendor Advisory
- ExploitPatch
- Vendor AdvisoryURL Repurposed
- Exploit
- Exploit
- Exploit
- ExploitPatch
- ExploitPatch
- Patch
- PatchVendor Advisory
- ExploitPatch
- Vendor AdvisoryURL Repurposed
- Exploit
- Exploit
- Exploit
- ExploitPatch
- ExploitPatch
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:oneworldstore:oneworldstore:*:*:*:*:*:*:*:*
EPSS
Процентиль: 90%
0.05846
Низкий
5.8 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore allow remote attackers to inject arbitrary web script or HTML via the (1) sEmail parameter to owContactUs.asp, (2) bSub parameter to owListProduct.asp, or the (3) Name, (4) Email, or (5) Comment fields in owProductDetail.asp.
EPSS
Процентиль: 90%
0.05846
Низкий
5.8 Medium
CVSS2
Дефекты
NVD-CWE-Other