CVE-2020-23447

MEDIUM

6.1

CVSS Severity Score

EPSS Score0.1620%

EPSS Percentile42.67th

PublishedJan 26, 2021

Last ModifiedNov 21, 2024

Vulnerability Description

newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address information when buying goods, which is triggered when viewing the "View Recipient Information" of this order in "Order Management Office".

Affected Platforms (CPE)

📦

Newbee Mall Project

Newbee Mall

= 1.0

References & Advisories

🔗 https://github.com/newbee-ltd/newbee-mall/issues/33

Related Vulnerabilities

CVE-2019-191139.8

main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyw...

CVE-2020-234489.8

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. ...

CVE-2020-234497.5

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigService...

CVE-2020-1249310.0

An open port used for debugging in SWARCOs CPU LS4000 Series with versions starting with G4... grants root access to the device wi...