Vulnerability Details : CVE-2023-26260
OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows session hijacking, leading to partial access of a customer's account by an attacker, due to an improper check of the user agent.
Products affected by CVE-2023-26260
- cpe:2.3:a:oxidforge:oxid_eshop:*:*:*:*:enterprise:*:*:*
- Oxidforge » Oxid Eshop » Professional Edition. Versions from including (>=) 6.2.0 and before (<) 6.5.2. cpe:2.3:a:oxidforge:oxid_eshop:*:*:*:*:professional:*:*:*
- cpe:2.3:a:oxidforge:oxid_eshop:*:*:*:*:community:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-26260
- EPSS score: 0.06% (probability of exploitation activity in the next 30 days)
- Percentile: ~24% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-26260
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | 2.8 | 2.5 | NIST | |
References for CVE-2023-26260
- https://docs.oxid-esales.com/de/security/security-bulletins.html#security-bulletin-2023-001 (Security-Bulletins — OXID eSales Dokumentation; Vendor Advisory)