The shipping rule edit page is vulnerable to an XSS payload added to the UPS Surcharge field. An attacker needs permission to create or edit a shipping rule.
Severity: Moderate (6.9 / 10)
CVSS base metrics
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: Required
Scope: Changed
Confidentiality: High
Integrity: Low
Availability: None
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
CVE ID: CVE-2022-31037
Weaknesses: No CWEs