216.73.217.64

CVE-2024-40746

· Published 21/10/2024 17:15 · Modified 29/10/2024 15:34

Labels: CVE-2024-40746 2024-10-21CVE-2024-40746CWE-79[email protected]

Essential information

Published
21/10/2024 17:15
Modified
29/10/2024 15:34
Author
Creator
CVSS
5.4 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS metrics

Description

A stored cross-site scripting (XSS) vulnerability in HikaShop Joomla Component < 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the `description` parameter of any product. The `description `parameter is not sanitised in the backend.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
hikashop / hikashop cpe:2.3:a:hikashop:hikashop:*:*:*:*:*:joomla\!:*:*

References