Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop Professional and Community Edition 4.6.8 and previous versions, 4.7.x prior to 4.7.11, and 4.8.x prior to 4.8.4, and Enterprise Edition 4.6.8 and previous versions, 5.0.x prior to 5.0.11 and 5.1.x prior to 5.1.4 allow remote malicious users to inject arbitrary web script or HTML via the searchtag parameter to the getTag function in (1) application/controllers/details.php or (2) application/controllers/tag.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oxid-esales eshop |