NVD Vulnerability Detail

CVE-2021-27190

Summary	A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available. The user supplied input containing polyglot payload is echoed back in javascript code in HTML response. This allows an attacker to input malicious JavaScript which can steal cookie, redirect them to other malicious website, etc.
Publication Date	Feb. 12, 2021, 12:15 p.m.
Registration Date	Feb. 12, 2021, 4:03 p.m.
Last Update	Nov. 21, 2024, 2:57 p.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	https://github.com/advisto/peel-shopping/issues/4#issuecomment-953461611	Patch Third Party Advisory
2	https://github.com/advisto/peel-shopping/issues/4#issuecomment-953461611	Patch Third Party Advisory
3	https://github.com/anmolksachan/CVE-2021-27190-PEEL-Shopping-cart-9.3.0-Stored-XSS	Exploit Third Party Advisory
4	https://github.com/anmolksachan/CVE-2021-27190-PEEL-Shopping-cart-9.3.0-Stored-XSS	Exploit Third Party Advisory
5	https://github.com/vulf/Peel-Shopping-cart-9.4.0-Stored-XSS	Exploit Third Party Advisory
6	https://github.com/vulf/Peel-Shopping-cart-9.4.0-Stored-XSS	Exploit Third Party Advisory
7	https://www.peel-shopping.com/modules/telechargement/telecharger.php?id=7	Product Vendor Advisory
8	https://www.peel-shopping.com/modules/telechargement/telecharger.php?id=7	Product Vendor Advisory
9	https://www.secuneus.com/cve-2021-27190-peel-shopping-ecommerce-shopping-cart-stored-cross-site-scripting-vulnerability-in-address/	Exploit Third Party Advisory
10	https://www.secuneus.com/cve-2021-27190-peel-shopping-ecommerce-shopping-cart-stored-cross-site-scripting-vulnerability-in-address/	Exploit Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html

JVN Vulnerability Information

PEEL SHOPPING におけるクロスサイトスクリプティングの脆弱性

Title	PEEL SHOPPING におけるクロスサイトスクリプティングの脆弱性
Summary	PEEL SHOPPING には、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	情報を取得される、および情報を改ざんされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Feb. 11, 2021, midnight
Registration Date	Nov. 4, 2021, 4:49 p.m.
Last Update	Nov. 4, 2021, 4:49 p.m.

Affected System

PEEL

PEEL SHOPPING 9.3.0

PEEL SHOPPING 9.4.0

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2021-27190	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27190
National Vulnerability Database (NVD)
2	CVE-2021-27190	https://nvd.nist.gov/vuln/detail/CVE-2021-27190
関連文書
3	CVE-2021-27190 - PEEL Shopping, eCommerce shopping cart - Stored Cross-Site Scripting Vulnerability in 'Address'	https://github.com/anmolksachan/CVE-2021-27190-PEEL-Shopping-cart-9.3.0-Stored-XSS

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html

ベンダー情報

No	Name	URL
PEEL
1	Download center : peel-shopping_9_4_0.zip	https://www.peel-shopping.com/modules/telechargement/telecharger.php?id=7

その他

No	Name	URL
関連文書
1	Stored Cross site Scripting in "‘Address’" parameter (Peel Shopping 9.4.0) #4	https://github.com/advisto/peel-shopping/issues/4#issuecomment-953461611

Change Log

No	Changed Details	Date of change
1	[2021年11月04日] 掲載	Nov. 4, 2021, 4:49 p.m.