CVE-2021-20734 — Cross-site Scripting in INC Welcart E-commerce

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.9%

top 24.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Collne INC Welcart E-commerce Welcart E-commerce

Timeline

PublishedJun 22

Latest updateMay 24

Description

Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDwelcart/welcart_e-commerce1.5.2

▶CVEListV5collne_inc/welcart_e-commerceversions prior to 2.2.4

🔴Vulnerability Details

GHSA

GHSA-m59w-q74p-9vg2: Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2↗2022-05-24

▶

CVEList

CVE-2021-20734: Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2↗2021-06-22

▶