TinyShop, a free and open source mall based on RageFrame2, has a stored XSS vulnerability that affects version 1.2.0. TinyShop allows XSS via the explain_first and again_explain parameters of the /evaluate/index.php page. The vulnerability may be exploited remotely, resulting in cross-site scripting (XSS) or information disclosure.
References
Link | Resource |
---|---|
https://github.com/jianyan74/TinyShop | Third Party Advisory |
https://github.com/jianyan74/TinyShop/issues/14 | Exploit Issue Tracking Third Party Advisory |
https://github.com/stavyan/TinyShop-UniApp | Product Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-05-18T14:23:38
Updated: 2021-05-18T14:23:38
Reserved: 2020-08-13T00:00:00
Link: CVE-2020-24026
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-05-18T15:15:07.907
Modified: 2021-05-24T19:59:28.467
Link: CVE-2020-24026
JSON object: View
Redhat Information
No data.
CWE