VYPR

Peel Shopping

by Advisto

CVEs (4)

  • CVE-2018-20848HigJun 30, 2019
    risk 0.57cvss 8.8epss 0.01

    Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and en/achat/caddie_affichage.php, as demonstrated by an XSS payload in the couleurId[0] parameter to the latter.

  • CVE-2019-20178MedJan 9, 2020
    risk 0.42cvss 6.5epss 0.00

    Advisto PEEL Shopping 9.2.1 has CSRF via administrer/utilisateurs.php to delete a user.

  • CVE-2021-27190MedFeb 12, 2021
    risk 0.35cvss 5.4epss 0.02

    A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available. The user supplied input containing polyglot payload is echoed back in javascript code in HTML response. This allows an attacker to input malicious…

  • CVE-2018-1000887MedDec 28, 2018
    risk 0.31cvss 4.8epss 0.01

    Peel shopping peel-shopping_9_1_0 version contains a Cross Site Scripting (XSS) vulnerability that can result in an authenticated user injecting java script code in the "Site Name EN" parameter. This attack appears to be exploitable if the malicious user has access to the…