Primary

Context

PEEL Shopping Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in PEEL Shopping version 9.3.0. The issue resides in the address parameter of the change_params.php script, allowing attackers to inject malicious JavaScript payloads. These payloads are executed when users interact with the address text box, potentially leading to client-side script execution.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.

Reproduction

To reproduce this vulnerability, inject a JavaScript payload into the address parameter of the change_params.php script. After injection, click on the text box to edit the address. The injected JavaScript will execute, demonstrating the cross-site scripting vulnerability.

Added: Jan 23, 2026, 5:35 PM

Updated: Jan 23, 2026, 10:29 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

4.4

remediation

0.0

relevance

2.3

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

4.4

remediation

0.0

relevance

2.3

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PEEL Shopping Stored Cross-Site Scripting Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

PEEL Shopping

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating