Anmol K Sachan - Security Researcher - Exploit Intelligence Platform

CVE-2021-27190 NOMISEC MEDIUM WRITEUP

PEEL SHOPPING 9.3.0 and 9.4.0 - Stored Cross-Site Scripting via Polyglot Payload

A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available. The user supplied input containing polyglot payload is echoed back in javascript code in HTML response. This allows an attacker to input malicious JavaScript which can steal cookie, redirect them to other malicious website, etc.

3 stars

CVSS 5.4

View Code

CVE-2021-47897 EXPLOITDB HIGH text WORKING POC

PEEL Shopping 9.3.0 - Stored Cross-Site Scripting via Address Parameter

PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the address parameter of the change_params.php script. Attackers can inject malicious JavaScript payloads that execute when users interact with the address text box, potentially enabling client-side script execution.

CVSS 7.2

View Code

CVE-2021-47892 EXPLOITDB HIGH text WORKING POC

PEEL Shopping 9.3.0 - Stored Cross-Site Scripting via Comments / Special Instructions Parameter

PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special Instructions' parameter of the purchase page. Attackers can inject malicious JavaScript payloads that will execute when the page is refreshed, potentially allowing client-side script execution.

CVSS 7.2

View Code

EIP-2026-113045 EXPLOITDB text WORKING POC

Vehicle Parking Tracker System 1.0 - 'Owner Name' Stored Cross-Site Scripting

View Code