Assigner | CERT-PL |
Reserved | 2024-04-10 |
Published | 2024-05-14 |
Updated | 2024-06-04 |
Description
Open-source project Online Shopping System Advanced is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser.
Problem types
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Product status
Any version
Credits
Krzysztof Zając (CERT.PL)
References
https://cert.pl/en/posts/2024/05/CVE-2024-3579
https://cert.pl/posts/2024/05/CVE-2024-3579