Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security filtering issues, in the user.php file, we can use the html entity encoding to bypass the security policy of the safety.php file, triggering the xss vulnerability.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.jianshu.com/p/219755c047a1 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-06-28T17:29:08
Updated: 2024-08-04T14:22:25.255Z
Reserved: 2020-08-13T00:00:00
Link: CVE-2020-20640
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-06-28T18:15:07.937
Modified: 2024-11-21T05:12:11.417
Link: CVE-2020-20640
Redhat
No data.