Description
A stored cross-site scripting (XSS) vulnerability in HikaShop Joomla Component < 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the description parameter of any product. The description parameter is not sanitised in the backend.
References
- Product
Vulnerable configurations
Configuration 1: versions before 5.1.1 (exclusive)
cpe:2.3:a:hikashop:hikashop:*:*:*:*:*:joomla\!:*:*
EPSS
Percentile: 29%
0.00105
Low
5.4 Medium
CVSS3
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 5.4
github
more than 1 year ago
A stored cross-site scripting (XSS) vulnerability in HikaShop Joomla Component < 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the `description` parameter of any product. The `description` parameter is not sanitised in the backend.