Vulnerability Description
Cross-site scripting (XSS) vulnerability in the getRecommSearch function in recommlist.php in OXID eShop before 4.6.7, Professional and Community Edition 4.7.x before 4.7.8, and Enterprise Edition 5.x before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via the searchrecomm parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oxid-Esales | Eshop | <= 4.6.6 |
Related Weaknesses (CWE)
References
- http://osvdb.org/98235Broken Link
- http://secunia.com/advisories/55193Vendor Advisory
- http://wiki.oxidforge.org/Security_bulletins/2013-001Vendor Advisory
- http://www.securityfocus.com/bid/62901Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87760VDB Entry
- http://osvdb.org/98235Broken Link
- http://secunia.com/advisories/55193Vendor Advisory
- http://wiki.oxidforge.org/Security_bulletins/2013-001Vendor Advisory
- http://www.securityfocus.com/bid/62901Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87760VDB Entry
FAQ
What is CVE-2013-5913?
CVE-2013-5913 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the getRecommSearch function in recommlist.php in OXID eShop before 4.6.7, Professional and Community Edition 4.7.x before 4.7.8, and Enterprise Edition 5.x...
How severe is CVE-2013-5913?
CVE-2013-5913 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-5913?
Check the references section above for vendor advisories and patch information. Affected products include: Oxid-Esales Eshop.