exploitDog

CVE-2018-20848

Опубликовано: 30 июн. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and en/achat/caddie_affichage.php, as demonstrated by an XSS payload in the couleurId[0] parameter to the latter.

Ссылки

https://packetstormsecurity.com/files/147467/Peel-Shopping-Cart-9.0.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://packetstormsecurity.com/files/147467/Peel-Shopping-Cart-9.0.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:peel:peel_shopping:9.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00139

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-jccq-rxp6-3ph2

CVSS3: 8.8

github

больше 3 лет назад

Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and en/achat/caddie_affichage.php, as demonstrated by an XSS payload in the couleurId[0] parameter to the latter.

EPSS

Процентиль: 34%

0.00139

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-79