Code injection

2024-01-0809:15:00

PRIOn knowledge base

www.prio-n.com

content sanitization

upsell shop

code injection

public exploits

7.3 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.2%

JSON

Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known.

CPENameOperatorVersion
ox_app_suiteeq7.10.6 rev1
ox_app_suiteeq7.10.6 rev2
ox_app_suiteeq7.10.6 rev3
ox_app_suiteeq7.10.6 rev4
ox_app_suiteeq7.10.6 rev5
ox_app_suiteeq7.10.6 rev6
ox_app_suiteeq7.10.6 rev7
ox_app_suiteeq7.10.6 rev8
ox_app_suiteeq7.10.6 rev9
ox_app_suiteeq7.10.6 rev10

Name	Operator	Version
ox_app_suite	eq	7.10.6 rev1
ox_app_suite	eq	7.10.6 rev2
ox_app_suite	eq	7.10.6 rev3
ox_app_suite	eq	7.10.6 rev4
ox_app_suite	eq	7.10.6 rev5
ox_app_suite	eq	7.10.6 rev6
ox_app_suite	eq	7.10.6 rev7
ox_app_suite	eq	7.10.6 rev8
ox_app_suite	eq	7.10.6 rev9
ox_app_suite	eq	7.10.6 rev10