← back
CVE-2018-7465

CVE-2018-7465

EPSS 2.4%
An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the backend of the plugin can be closed by simply adding </textarea> to the value and saving the product/config. By editing back the product/config, the editor's browser will execute everything after the </textarea>, leading to a possible XSS.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/44625/unverifiedexploitdbwww.exploit-db.com/exploits/44625unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://imgur.com/a/Hf6JDhttps://www.exploit-db.com/exploits/44625/http://virtuemart.net/news/489-virtuemart-3-2-14-security-release-and-enhanced-invoice-handling