exploitDog

CVE-2020-22723

Опубликовано: 18 нояб. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

A cross-site scripting (XSS) vulnerability in Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop version 1.14 allows remote attackers to inject arbitrary web script or HTML via user.php by registering an account directly in the user center, and then adding the payload to the delivery address.

Ссылки

https://baijiahao.baidu.com/s?id=1653681087434824406&wfr=spider&for=pc
Third Party Advisory
https://www.freebuf.com/articles/web/192318.html
Third Party Advisory
https://baijiahao.baidu.com/s?id=1653681087434824406&wfr=spider&for=pc
Third Party Advisory
https://www.freebuf.com/articles/web/192318.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ljcmsshop_project:ljcmsshop:1.14:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00304

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-qj3r-57x6-6667

github

больше 3 лет назад

A cross-site scripting (XSS) vulnerability in Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop version 1.14 allows remote attackers to inject arbitrary web script or HTML via user.php by registering an account directly in the user center, and then adding the payload to the delivery address.

EPSS

Процентиль: 53%

0.00304

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79