CVE-2021-27190
N/A
N/A
Summary
A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available. The user supplied input containing polyglot payload is echoed back in javascript code in HTML response. This allows an attacker to input malicious JavaScript which can steal cookie, redirect them to other malicious website, etc.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.peel-shopping.com/modules/telechargement/telecharger.php?id=7
- https://www.secuneus.com/cve-2021-27190-peel-shopping-ecommerce-shopping-cart-stored-cross-site-scripting-vulnerability-in-address/
- https://github.com/anmolksachan/CVE-2021-27190-PEEL-Shopping-cart-9.3.0-Stored-XSS
- https://github.com/vulf/Peel-Shopping-cart-9.4.0-Stored-XSS
- https://github.com/advisto/peel-shopping/issues/4#issuecomment-953461611
References
- https://www.peel-shopping.com/modules/telechargement/telecharger.php?id=7
- https://www.secuneus.com/cve-2021-27190-peel-shopping-ecommerce-shopping-cart-stored-cross-site-scripting-vulnerability-in-address/
- https://github.com/anmolksachan/CVE-2021-27190-PEEL-Shopping-cart-9.3.0-Stored-XSS
- https://github.com/vulf/Peel-Shopping-cart-9.4.0-Stored-XSS
- https://github.com/advisto/peel-shopping/issues/4#issuecomment-953461611
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.