virus logo Intrusion Prevention

Smartstore.SmartStoreNET.ForumPost.Stored.XSS

description-logoDescription

This indicates an attack attempt to exploit a Cross-Site Scripting Vulnerability in Smartstore SmartStoreNET.
The vulnerability is due to improper input validation of user input in forum posts. An unauthenticated user could exploit the vulnerability by registering an account and sending malicious requests to the target server. Successful exploitation could result in the execution of script code in the security context of the browser of any user visiting the affected pages.

affected-products-logoAffected Products

Smartstore SmartStoreNET 4.x prior to commit ae03d45e23734555a2aef0b0c3d33c21e076c20f

Impact logoImpact

System Compromise: Remote attackers can execute arbitrary script code in the context of the affected application.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://github.com/smartstore/SmartStoreNET/commit/ae03d45e23734555a2aef0b0c3d33c21e076c20f

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2022-02-14 19.259 Default_action:pass:drop
2021-12-13 19.217
ID 50981
Created Dec 06, 2021
Updated Jun 29, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
CVE ID CVE-2021-32608
Exploit Prediction Score 0.39%
Default Action drop
Active
Affected OS Windows
Affected App Other