Cross site scripting

2023-12-0820:15:00

PRIOn knowledge base

www.prio-n.com

cross site scripting

evershop

npm

vulnerability

remote attacker

sensitive information

crafted request

sortby parameter

nvd

6.2 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

25.2%

JSON

Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter.

CPENameOperatorVersion
evershopeq1.0.0 beta2
evershopeq1.0.0 beta1
evershopeq1.0.0 beta
evershopeq1.0.0 rc3
evershopeq1.0.0 rc1
evershopeq1.0.0 rc2
evershopeq1.0.0 beta3
evershopeq1.0.0 beta4
evershopeq1.0.0 beta5
evershopeq1.0.0 rc5

Name	Operator	Version
evershop	eq	1.0.0 beta2
evershop	eq	1.0.0 beta1
evershop	eq	1.0.0 beta
evershop	eq	1.0.0 rc3
evershop	eq	1.0.0 rc1
evershop	eq	1.0.0 rc2
evershop	eq	1.0.0 beta3
evershop	eq	1.0.0 beta4
evershop	eq	1.0.0 beta5
evershop	eq	1.0.0 rc5