Description
An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the backend of the plugin can be closed by simply adding </textarea> to the value and saving the product/config. By editing back the product/config, the editor's browser will execute everything after the </textarea>, leading to a possible XSS.
References
- Vendor Advisory
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1: versions before 3.2.14 (excluding)
cpe:2.3:a:virtuemart:virtuemart:*:*:*:*:*:joomla\!:*:*
EPSS
Percentile: 51%
Score: 0.00278 (Low)
CVSS3: 5.4 Medium
CVSS2: 3.5 Low
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 5.4
github
more than 3 years ago
An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the backend of the plugin can be closed by simply adding </textarea> to the value and saving the product/config. By editing back the product/config, the editor's browser will execute everything after the </textarea>, leading to a possible XSS.