Cross site scripting

2023-12-0820:15:00

PRIOn knowledge base

www.prio-n.com

xss

evershop

npm

vulnerability

remote attacker

sensitive information

crafted scripts

admin panel

6.2 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

25.2%

JSON

Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted scripts to the Admin Panel.

CPENameOperatorVersion
evershopeq1.0.0 beta2
evershopeq1.0.0 beta1
evershopeq1.0.0 beta
evershopeq1.0.0 rc3
evershopeq1.0.0 rc1
evershopeq1.0.0 rc2
evershopeq1.0.0 beta3
evershopeq1.0.0 beta4
evershopeq1.0.0 beta5

Name	Operator	Version
evershop	eq	1.0.0 beta2
evershop	eq	1.0.0 beta1
evershop	eq	1.0.0 beta
evershop	eq	1.0.0 rc3
evershop	eq	1.0.0 rc1
evershop	eq	1.0.0 rc2
evershop	eq	1.0.0 beta3
evershop	eq	1.0.0 beta4
evershop	eq	1.0.0 beta5