Lucene search

[email protected]NVD:CVE-2024-44682

HistoryAug 30, 2024 - 10:15 p.m.

CVE-2024-44682

2024-08-3022:15:06

CWE-79

[email protected]

web.nvd.nist.gov

shopxo 6.2

cross site scripting

backend

post parameters

code execution

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

17.7%

JSON

ShopXO 6.2 is vulnerable to Cross Site Scripting (XSS) in the backend that allows attackers to execute code by changing POST parameters.

Affected configurations

Nvd

Node

shopxoshopxoMatch6.2.0

VendorProductVersionCPE
shopxoshopxo6.2.0cpe:2.3:a:shopxo:shopxo:6.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
shopxo	shopxo	6.2.0	cpe:2.3:a:shopxo:shopxo:6.2.0:::::::*

References

github.com/147536951/Qianyi/blob/main/xss.md

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

17.7%

JSON

Related for NVD:CVE-2024-44682

cve1 cvelist1 vulnrichment1