Lucene search
GitHub Advisory DatabaseGHSA-4VF4-955G-VXP2HistoryOct 18, 2022 - 7:52 p.m.
OroCommerce Cross site scripting vulnerability during shipping rule editing for UPS integration
2022-10-1819:52:25
CWE-79
GitHub Advisory Database
github.com
14
orocommerce
cross site scripting
ups integration
shipping rule
vulnerability
software
CVSS3
6.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
EPSS
0.001
Percentile
22.7%
Impact
Shipping rule edit page is vulnerable to cross site scripting (XSS) payload added to UPS Surcharge field. The attacker should have permission to create or edit a shipping rule.
Affected configurations
Node
orocommerceRange4.1.0–5.0.6
Related
cvelist
cvelist
veracode
veracode
Cross-Site Scripting (XSS)
2022-10-19 12:16:09
osv
osv
OroCommerce Cross site scripting vulnerability during shipping rule editing for UPS integration
2022-10-18 19:52:25
CVE-2022-31037
2022-10-18 10:15:10
nvd
nvd
CVE-2022-31037
2022-10-18 10:15:10
cve
cve
CVE-2022-31037
2022-10-18 10:15:10
prion
prion
Cross site scripting
2022-10-18 10:15:00
CVSS3
6.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
EPSS
0.001
Percentile
22.7%
Related for GHSA-4VF4-955G-VXP2