CVE-2014-2016 in eShopinfo

Summary

Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop Professional and Community Edition 4.6.8 and earlier, 4.7.x before 4.7.11, and 4.8.x before 4.8.4, and Enterprise Edition 4.6.8 and earlier, 5.0.x before 5.0.11 and 5.1.x before 5.1.4 allow remote attackers to inject arbitrary web script or HTML via the searchtag parameter to the getTag function in (1) application/controllers/details.php or (2) application/controllers/tag.php.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

02/17/2014

Disclosure

03/25/2014

Moderation

VulDB entry created

Entries

1: VDB-66781

CPE

ready

CWE

CWE-79 (Confirmed)

Exploit

Download

CVSS

4.3

EPSS

0.00590

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2014-2016
NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-2016
CVE Details	https://www.cvedetails.com/cve/CVE-2014-2016/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!