ECShop 4.0 User.php HTML Entity Encoding XSS Vulnerability

ECShop 4.0 User.php HTML Entity Encoding XSS Vulnerability

CVE-2020-20640 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security filtering issues, in the user.php file, we can use the html entity encoding to bypass the security policy of the safety.php file, triggering the xss vulnerability.

Learn more about our User Device Pen Test.