Cross site scripting

2013-10-1515:55:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.9%

JSON

Cross-site scripting (XSS) vulnerability in the getRecommSearch function in recommlist.php in OXID eShop before 4.6.7, Professional and Community Edition 4.7.x before 4.7.8, and Enterprise Edition 5.x before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via the searchrecomm parameter.

CPENameOperatorVersion
eshopeq4.6.2
eshople4.6.6
eshopeq4.6.4
eshopeq4.6.1
eshopeq4.6.5
eshopeq4.6.0
eshopeq4.6.3
eshopeq4.7.0
eshopeq4.7.0
eshopeq4.7.1

Name	Operator	Version
eshop	eq	4.6.2
eshop	le	4.6.6
eshop	eq	4.6.4
eshop	eq	4.6.1
eshop	eq	4.6.5
eshop	eq	4.6.0
eshop	eq	4.6.3
eshop	eq	4.7.0
eshop	eq	4.7.0
eshop	eq	4.7.1

Rows per page:

1-10 of 311

References

osvdb.org/98235

secunia.com/advisories/55193

wiki.oxidforge.org/Security_bulletins/2013-001

www.securityfocus.com/bid/62901

exchange.xforce.ibmcloud.com/vulnerabilities/87760