Vulnerability Details CVE-2020-24026
TinyShop, a free and open source mall based on RageFrame2, has a stored XSS vulnerability that affects version 1.2.0. TinyShop allows XSS via the explain_first and again_explain parameters of the /evaluate/index.php page. The vulnerability may be exploited remotely, resulting in cross-site scripting (XSS) or information disclosure.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.4%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2020-24026
-
cpe:2.3:a:tinyshop_project:tinyshop:1.2.0