Vulnerability Description
A stored cross-site scripting (XSS) vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available. User-supplied input containing a polyglot payload is echoed back inside JavaScript code in the HTML response. This allows an attacker to inject malicious JavaScript that can steal cookies, redirect users to other malicious websites, etc.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Peel | Peel Shopping | 9.3.0 |
Related Weaknesses (CWE)
References
- https://github.com/advisto/peel-shopping/issues/4#issuecomment-953461611 (Patch, Third Party Advisory)
- https://github.com/anmolksachan/CVE-2021-27190-PEEL-Shopping-cart-9.3.0-Stored-X (Exploit, Third Party Advisory)
- https://github.com/vulf/Peel-Shopping-cart-9.4.0-Stored-XSS (Exploit, Third Party Advisory)
- https://www.peel-shopping.com/modules/telechargement/telecharger.php?id=7 (Product, Vendor Advisory)
- https://www.secuneus.com/cve-2021-27190-peel-shopping-ecommerce-shopping-cart-st (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-27190?
CVE-2021-27190 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A stored cross-site scripting (XSS) vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available. The user supplied input containing polyglot payload is echoed back in ja...
How severe is CVE-2021-27190?
CVE-2021-27190 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-27190?
Check the references section above for vendor advisories and patch information. Affected products include: Peel Peel Shopping.