CSRF and XSS Vulnerability in Advisto PEEL SHOPPING 9.0.0
CVE-2018-20848 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and en/achat/caddie_affichage.php, as demonstrated by an XSS payload in the couleurId[0] parameter to the latter.
Learn more about our Web Application Penetration Testing UK.