Lucene search
GoogleOSV:GHSA-4VF4-955G-VXP2HistoryOct 18, 2022 - 7:52 p.m.
OroCommerce Cross site scripting vulnerability during shipping rule editing for UPS integration
2022-10-1819:52:25
Google
osv.dev
11
orocommerce
xss
ups integration
shipping rule
vulnerability
CVSS3
6.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
EPSS
0.001
Percentile
22.7%
Impact
Shipping rule edit page is vulnerable to cross site scripting (XSS) payload added to UPS Surcharge field. The attacker should have permission to create or edit a shipping rule.
Related
veracode
veracode
Cross-Site Scripting (XSS)
2022-10-19 12:16:09
cvelist
cvelist
github
github
nvd
nvd
CVE-2022-31037
2022-10-18 10:15:10
cve
cve
CVE-2022-31037
2022-10-18 10:15:10
prion
prion
Cross site scripting
2022-10-18 10:15:00
osv
osv
CVE-2022-31037
2022-10-18 10:15:10
CVSS3
6.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
EPSS
0.001
Percentile
22.7%
Related for OSV:GHSA-4VF4-955G-VXP2