EPSS
Percentile
22.7%
The extension fails to properly encode user input for output in HTML context. A valid backend user account with access to the Aimeos module is needed to exploit this vulnerability.