| Action | Type | Old value | New value |
|---|---|---|---|
| Added | CVSS V3.1 | | Israel National Cyber Directorate AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L |
| Removed | CVSS V3.1 | Israel National Cyber Directorate AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L | |
| Removed | CVSS V3.1 Reason | A-No availability impacts identified | |
| Removed | CVSS V3.1 Reason | AV-Lack of information | |
| Removed | CVSS V3.1 Reason | C-No confidentiality impacts identified | |
| Removed | CVSS V3.1 Reason | I-No limiting factors | |
| Removed | CVSS V3.1 Reason | PR-No privileges needed | |
| Removed | CVSS V3.1 Reason | UI-User Interaction not identified | |
| Added | CWE | | Israel National Cyber Directorate CWE-79 |
| Removed | CWE | Israel National Cyber Directorate CWE-284 | |
| Removed | CWE Reason | CWE-284 / Not enough information | |
| Changed | Description | Supersmart.me - Walk Through Performing unauthorized actions on other customers. Supersmart.me has a product designed to conduct smart shopping in stores. The customer receives a coder (or using an Android application) to scan at the beginning of the purchase the QR CODE on the cart, and then all the products he wants to purchase. At the end of the purchase the customer can pay independently. During the research it was discovered that it is possible to reset another customer's cart without verification. Because the number of purchases is serial. | insert HTML / js code inside input how to get to the vulnerable input : Workers > worker nickname > inject in this input the code. |
| Added | Reference | | https://www.gov.il/en/departments/faq/cve_advisories [No Types Assigned] |
| Removed | Reference | https://www.gov.il/en/Departments/faq/cve_advisories [Third Party Advisory] | |