CVE-2020-23447

MEDIUM

6.1

CVSS Severity Score

EPSS Score0.1620%

EPSS Percentile42.67th

Published2021年1月26日

Last Modified2024年11月21日

Vulnerability Description

newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address information when buying goods, which is triggered when viewing the "View Recipient Information" of this order in "Order Management Office".

Affected Platforms (CPE)

📦

Newbee Mall Project

Newbee Mall

= 1.0

References & Advisories

🔗 https://github.com/newbee-ltd/newbee-mall/issues/33

相关漏洞威胁

CVE-2019-191139.8

main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyw...

CVE-2020-234489.8

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. ...

CVE-2020-234497.5

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigService...

CVE-2020-676910.0

Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker ...