osCommerce 2.3.4.1 has an XSS vulnerability: an authenticated user can enter an XSS payload into the title section of newsletters.
References
Link | Resource |
---|---|
https://forums.oscommerce.com/forum/17-news-and-announcements/ | Release Notes, Vendor Advisory |
https://github.com/aslanemre/cve-2020-29070/blob/main/CVE-2020-29070 | Exploit, Third Party Advisory |
https://github.com/gburton/CE-Phoenix/commits/master | Patch, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-11-25T19:05:11
Updated: 2020-11-25T19:05:11
Reserved: 2020-11-25T00:00:00
Link: CVE-2020-29070
NVD Information
Status: Analyzed
Published: 2020-11-25T20:15:10.917
Modified: 2020-11-27T17:41:48.517
Link: CVE-2020-29070
Redhat Information
No data.
CWE