CyberSec.Space Logo
Back to CVE Browser

CVE-2015-3421

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.1820%
EPSS Percentile15.74th
PublishedJul 21, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure attack via crafted variables named after target PHP variables.

Affected Platforms (CPE)

πŸ“¦
Eshop Project

Eshop

<= 6.3.11

References & Advisories

πŸ”— http://www.securityfocus.com/bid/74477
πŸ”— https://www.htbridge.com/advisory/HTB23255
πŸ”— http://www.securityfocus.com/bid/74477
πŸ”— https://www.htbridge.com/advisory/HTB23255

Related Vulnerabilities

CVE-2003-050910.0

SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and g...

CVE-2009-311210.0

Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.0 allows remote attackers to ga...

CVE-2019-130269.8

OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker...

CVE-2019-170628.8

An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, ...