Описание
A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the State parameter under the Address Book module.
Ссылки
- ExploitThird Party Advisory
- Vendor Advisory
- ExploitThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.1.0 (включая)
Одно из
cpe:2.3:a:hhg-multistore:multistore:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hhg-multistore:multistore:4.10.3:*:*:*:community:*:*:*
EPSS
Процентиль: 65%
0.00502
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
около 4 лет назад
A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the State parameter under the Address Book module.
EPSS
Процентиль: 65%
0.00502
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79