CVE-2020-27478

EUVD-2020-19988
Cross Site Scripting vulnerability found in Simplcommerce v.40734964b0811f3cbaf64b6dac261683d256f961 thru 3103357200c70b4767986544e01b19dbf11505a7 allows a remote attacker to execute arbitrary code via a crafted script to the search bar feature.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
simplcommercesimplcommerce
40734964b0811f3cbaf64b6dac261683d256f961 ≤
𝑥
≤ 3103357200c70b4767986544e01b19dbf11505a7
ADP
Common Weakness Enumeration
References
https://github.com/simplcommerce/SimplCommerce/issues/943
https://github.com/simplcommerce/SimplCommerce/issues/943