Cross-Site Scripting Vulnerability in newbee-mall by Newbee Ltd
CVE-2020-23447

6.1MEDIUM

Key Information:

Vendor: Newbee-mall Project
Status: Newbee-mall
Vendor: CVE Published:; 26 January 2021

Summary

The newbee-mall version 1.0 is susceptible to a cross-site scripting (XSS) vulnerability located in the 'shop-cart/settle' functionality. This vulnerability allows attackers to inject malicious scripts by placing XSS payloads into the address information while making a purchase. The injected scripts are executed when the order is viewed in the 'Order Management Office', exposing users to potential security risks, such as the theft of sensitive information. Immediate remediation is advised to protect against potential exploitation.

References

https://github.com/newbee-ltd/newbee-mall/issues/33

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 26, 2021
Vulnerability Reserved
Aug 13, 2020