Smartstore.SmartStoreNET.ForumPost.Stored.XSS
Description
This indicates an attack attempt to exploit a Cross-Site Scripting Vulnerability in Smartstore SmartStoreNET.
The vulnerability is due to improper input validation of user input in forum posts. An unauthenticated user could exploit the vulnerability by registering an account and sending malicious requests to the target server. Successful exploitation could result in the execution of script code in the security context of the browser of any user visiting the affected pages.
Affected Products
Smartstore SmartStoreNET 4.x prior to commit ae03d45e23734555a2aef0b0c3d33c21e076c20f
Impact
System Compromise: Remote attackers can execute arbitrary script code in the context of the affected application.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://github.com/smartstore/SmartStoreNET/commit/ae03d45e23734555a2aef0b0c3d33c21e076c20f
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |