CSRF and XSS Vulnerability in Advisto PEEL SHOPPING 9.0.0

CSRF and XSS Vulnerability in Advisto PEEL SHOPPING 9.0.0

CVE-2018-20848 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and en/achat/caddie_affichage.php, as demonstrated by an XSS payload in the couleurId[0] parameter to the latter.

Learn more about our Web Application Penetration Testing UK.