Advisto
Products
1- 4 CVEs
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-20848 | Hig | 0.57 | 8.8 | 0.01 | Jun 30, 2019 | Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and en/achat/caddie_affichage.php, as demonstrated by an XSS payload in the couleurId[0] parameter to the latter. | ||
| CVE-2019-20178 | Med | 0.42 | 6.5 | 0.00 | Jan 9, 2020 | Advisto PEEL Shopping 9.2.1 has CSRF via administrer/utilisateurs.php to delete a user. | ||
| CVE-2021-27190 | Med | 0.35 | 5.4 | 0.02 | Feb 12, 2021 | A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available. The user supplied input containing polyglot payload is echoed back in javascript code in HTML response. This allows an attacker to input malicious… | ||
| CVE-2018-1000887 | Med | 0.31 | 4.8 | 0.01 | Dec 28, 2018 | Peel shopping peel-shopping_9_1_0 version contains a Cross Site Scripting (XSS) vulnerability that can result in an authenticated user injecting java script code in the "Site Name EN" parameter. This attack appears to be exploitable if the malicious user has access to the… |
- risk 0.57cvss 8.8epss 0.01
Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and en/achat/caddie_affichage.php, as demonstrated by an XSS payload in the couleurId[0] parameter to the latter.
- risk 0.42cvss 6.5epss 0.00
Advisto PEEL Shopping 9.2.1 has CSRF via administrer/utilisateurs.php to delete a user.
- risk 0.35cvss 5.4epss 0.02
A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available. The user supplied input containing polyglot payload is echoed back in javascript code in HTML response. This allows an attacker to input malicious…
- risk 0.31cvss 4.8epss 0.01
Peel shopping peel-shopping_9_1_0 version contains a Cross Site Scripting (XSS) vulnerability that can result in an authenticated user injecting java script code in the "Site Name EN" parameter. This attack appears to be exploitable if the malicious user has access to the…