Code injection

2024-01-0809:15:00

PRIOn knowledge base

www.prio-n.com

code injection

user-defined script

upsell shop

url

dom

sanitization

trusted domain

exploits

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.2%

JSON

User-defined script code could be stored for a upsell related shop URL. This code was not correctly sanitized when adding it to DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known.

CPENameOperatorVersion
ox_app_suiteeq7.10.6 rev1
ox_app_suiteeq7.10.6 rev2
ox_app_suiteeq7.10.6 rev3
ox_app_suiteeq7.10.6 rev4
ox_app_suiteeq7.10.6 rev5
ox_app_suiteeq7.10.6 rev6
ox_app_suiteeq7.10.6 rev7
ox_app_suiteeq7.10.6 rev8
ox_app_suiteeq7.10.6 rev9
ox_app_suiteeq7.10.6 rev10

Name	Operator	Version
ox_app_suite	eq	7.10.6 rev1
ox_app_suite	eq	7.10.6 rev2
ox_app_suite	eq	7.10.6 rev3
ox_app_suite	eq	7.10.6 rev4
ox_app_suite	eq	7.10.6 rev5
ox_app_suite	eq	7.10.6 rev6
ox_app_suite	eq	7.10.6 rev7
ox_app_suite	eq	7.10.6 rev8
ox_app_suite	eq	7.10.6 rev9
ox_app_suite	eq	7.10.6 rev10