exploitDog

CVE-2020-28456

Опубликовано: 15 дек. 2020

Источник: nvd

CVSS3: 7.3

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

The package s-cart/core before 4.4 are vulnerable to Cross-site Scripting (XSS) via the admin panel.

Ссылки

https://github.com/s-cart/core/commit/f4b2811293063a3a2bb497b2512d8a18bd202219
Patch
Third Party Advisory
https://github.com/s-cart/s-cart/issues/52
Exploit
Third Party Advisory
https://github.com/s-cart/s-cart/releases/tag/v4.4
Third Party Advisory
https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047609
Exploit
Third Party Advisory
https://github.com/s-cart/core/commit/f4b2811293063a3a2bb497b2512d8a18bd202219
Patch
Third Party Advisory
https://github.com/s-cart/s-cart/issues/52
Exploit
Third Party Advisory
https://github.com/s-cart/s-cart/releases/tag/v4.4
Third Party Advisory
https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047609
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:s-cart:s-cart:*:*:*:*:*:*:*:*

Версия до 4.4 (исключая)

EPSS

Процентиль: 55%

0.00326

Низкий

7.3 High

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-c6vf-v2c4-qvvh

github

больше 3 лет назад

The package s-cart/core before 4.4 are vulnerable to Cross-site Scripting (XSS) via the admin panel.

EPSS

Процентиль: 55%

0.00326

Низкий

7.3 High

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79