Cross Site Scripting Vulnerability in Exrick XMall Admin Panel
CVE-2021-43432

6.1 MEDIUM

Key Information:

Vendor: Exrick

Status
Vendor
CVE Published: 7 April 2022

What is CVE-2021-43432?

A Cross Site Scripting (XSS) vulnerability has been identified in the Exrick XMall Admin Panel, specifically through the GET parameter in the product-add.jsp file. This flaw allows an attacker to inject malicious scripts into web pages viewed by users. Exploiting this vulnerability could potentially lead to unauthorized actions or data exposure, compromising the security of the application and its users. Ensuring that your version of the XMall Admin Panel is updated and implementing proper input validation can help mitigate this risk.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved