CVE-2020-20640

Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security filtering issues, in the user.php file, we can use the html entity encoding to bypass the security policy of the safety.php file, triggering the xss vulnerability.
References
Link Resource
https://www.jianshu.com/p/219755c047a1 Exploit Third Party Advisory
https://www.jianshu.com/p/219755c047a1 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:shopex:ecshop:4.0:*:*:*:*:*:*:*

History

21 Nov 2024, 05:12

Type Values Removed Values Added
References () https://www.jianshu.com/p/219755c047a1 - Exploit, Third Party Advisory () https://www.jianshu.com/p/219755c047a1 - Exploit, Third Party Advisory

Information

Published : 2021-06-28 18:15

Updated : 2024-11-21 05:12


NVD link : CVE-2020-20640

Mitre link : CVE-2020-20640

CVE.ORG link : CVE-2020-20640


JSON object : View

Products Affected

shopex

  • ecshop
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')