Lucene search

K

MitreCVELIST:CVE-2021-27190

HistoryFeb 12, 2021 - 2:24 a.m.

CVE-2021-27190

2021-02-1202:24:50

mitre

www.cve.org

0.001 Low

EPSS

Percentile

48.8%

A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available. The user supplied input containing polyglot payload is echoed back in javascript code in HTML response. This allows an attacker to input malicious JavaScript which can steal cookie, redirect them to other malicious website, etc.

References

github.com/advisto/peel-shopping/issues/4#issuecomment-953461611

github.com/anmolksachan/CVE-2021-27190-PEEL-Shopping-cart-9.3.0-Stored-XSS

github.com/vulf/Peel-Shopping-cart-9.4.0-Stored-XSS

www.peel-shopping.com/modules/telechargement/telecharger.php?id=7

www.secuneus.com/cve-2021-27190-peel-shopping-ecommerce-shopping-cart-stored-cross-site-scripting-vulnerability-in-address/

0.001 Low

EPSS

Percentile

48.8%

Related for CVELIST:CVE-2021-27190

cve1 githubexploit1 nvd1 prion1