Description
A Stored Cross Site Scripting (XSS) vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available. User-supplied input containing a polyglot payload is echoed back in JavaScript code in the HTML response. This allows an attacker to input malicious JavaScript that can steal cookies, redirect users to other malicious websites, etc.
Exploits (1)
nomisec
WRITEUP
3 stars
by anmolksachan · poc
https://github.com/anmolksachan/CVE-2021-27190-PEEL-Shopping-cart-9.3.0-Stored-XSS
References (5)
Core References
Product, Vendor Advisory x_refsource_misc
https://www.peel-shopping.com/modules/telechargement/telecharger.php?id=7
Exploit, Third Party Advisory x_refsource_misc
https://www.secuneus.com/cve-2021-27190-peel-shopping-ecommerce-shopping-cart-stored-cross-site-scripting-vulnerability-in-address/
Exploit, Third Party Advisory x_refsource_misc
https://github.com/anmolksachan/CVE-2021-27190-PEEL-Shopping-cart-9.3.0-Stored-XSS
Exploit, Third Party Advisory x_refsource_misc
https://github.com/vulf/Peel-Shopping-cart-9.4.0-Stored-XSS
Patch, Third Party Advisory x_refsource_misc
https://github.com/advisto/peel-shopping/issues/4#issuecomment-953461611
Scores
CVSS v3
5.4
EPSS
0.0386
EPSS Percentile
88.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
peel/peel_shopping
9.3.0
peel/peel_shopping
9.4.0
Published
Feb 12, 2021
Tracked Since
Feb 18, 2026