CVE-2018-7465

Sažetak

An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the backend of the plugin can be closed by simply adding </textarea> to the value and saving the product/config. By editing back the product/config, the editor's browser will execute everything after the </textarea>, leading to a possible XSS.

Reference

http://virtuemart.net/news/489-virtuemart-3-2-14-security-release-and-enhanced-invoice-handling
https://imgur.com/a/Hf6JD
https://www.exploit-db.com/exploits/44625/

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

06-06-2018 - 12:50

Objavljeno

26-04-2018 - 19:29