Vulnerability Details CVE-2023-26260
OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows session hijacking, leading to partial access of a customer's account by an attacker, due to an improper check of the user agent.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.1%
CVSS Severity
CVSS v3 Score 5.4
Products affected by CVE-2023-26260
- cpe:2.3:a:oxidforge:oxid_eshop:6.2.0
- cpe:2.3:a:oxidforge:oxid_eshop:6.2.1
- cpe:2.3:a:oxidforge:oxid_eshop:6.2.2
- cpe:2.3:a:oxidforge:oxid_eshop:6.2.3
- cpe:2.3:a:oxidforge:oxid_eshop:6.2.4
- cpe:2.3:a:oxidforge:oxid_eshop:6.2.5
- cpe:2.3:a:oxidforge:oxid_eshop:6.3.0
- cpe:2.3:a:oxidforge:oxid_eshop:6.3.1
- cpe:2.3:a:oxidforge:oxid_eshop:6.3.2
- cpe:2.3:a:oxidforge:oxid_eshop:6.4.0
- cpe:2.3:a:oxidforge:oxid_eshop:6.4.1
- cpe:2.3:a:oxidforge:oxid_eshop:6.4.2
- cpe:2.3:a:oxidforge:oxid_eshop:6.5.0
- cpe:2.3:a:oxidforge:oxid_eshop:6.5.1