A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available. The user supplied input containing polyglot payload is echoed back in javascript code in HTML response. This allows an attacker to input malicious JavaScript which can steal cookie, redirect them to other malicious website, etc.
References
Link | Resource |
---|---|
https://github.com/advisto/peel-shopping/issues/4#issuecomment-953461611 | Patch Third Party Advisory |
https://github.com/anmolksachan/CVE-2021-27190-PEEL-Shopping-cart-9.3.0-Stored-XSS | Exploit Third Party Advisory |
https://github.com/vulf/Peel-Shopping-cart-9.4.0-Stored-XSS | Exploit Third Party Advisory |
https://www.peel-shopping.com/modules/telechargement/telecharger.php?id=7 | Product Vendor Advisory |
https://www.secuneus.com/cve-2021-27190-peel-shopping-ecommerce-shopping-cart-stored-cross-site-scripting-vulnerability-in-address/ | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Dec 2021, 20:29
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:peel:peel_shopping:9.4.0:*:*:*:*:*:*:* | |
References | (MISC) https://www.peel-shopping.com/modules/telechargement/telecharger.php?id=7 - Product, Vendor Advisory | |
References | (MISC) https://github.com/advisto/peel-shopping/issues/4#issuecomment-953461611 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/vulf/Peel-Shopping-cart-9.4.0-Stored-XSS - Exploit, Third Party Advisory |
17 Nov 2021, 22:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available. The user supplied input containing polyglot payload is echoed back in javascript code in HTML response. This allows an attacker to input malicious JavaScript which can steal cookie, redirect them to other malicious website, etc. |
10 Nov 2021, 01:16
Type | Values Removed | Values Added |
---|---|---|
Summary | A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 which is publicly available. The user supplied input containing polyglot payload is echoed back in javascript code in HTML response. This allows an attacker to input malicious JavaScript which can steal cookie, redirect them to other malicious website, etc. | |
References |
|
03 Nov 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Nov 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available. The user supplied input containing polyglot payload is echoed back in javascript code in HTML response. This allows an attacker to input malicious JavaScript which can steal cookie, redirect them to other malicious website, etc. | |
References |
|
Information
Published : 2021-02-12 03:15
Updated : 2024-02-04 21:23
NVD link : CVE-2021-27190
Mitre link : CVE-2021-27190
CVE.ORG link : CVE-2021-27190
JSON object : View
Products Affected
peel
- peel_shopping
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')