VYPR

Peel Shopping

by Peel

CVEs (4)

  • CVE-2021-47897HigJan 23, 2026
    risk 0.47cvss 7.2epss 0.00

    PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the address parameter of the change_params.php script. Attackers can inject malicious JavaScript payloads that execute when users interact with the address text box, potentially enabling client-side…

  • CVE-2021-47892HigJan 23, 2026
    risk 0.47cvss 7.2epss 0.00

    PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special Instructions' parameter of the purchase page. Attackers can inject malicious JavaScript payloads that will execute when the page is refreshed, potentially allowing client-side…

  • CVE-2012-5227Oct 1, 2012
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2.8 and 2.9 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2012-5226Oct 1, 2012
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to achat/recherche.php or (2) PATH_INFO to index.php.