CVE-2023-46494

Name of the Vulnerable Software and Affected Versions EverShop NPM versions prior to 1.0.0-rc.5

Description The issue allows a remote attacker to obtain sensitive information via a crafted request to the ProductGrid function in admin/productGrid/Grid.jsx. This is a Cross Site Scripting vulnerability.

Recommendations For versions prior to 1.0.0-rc.5, update to version 1.0.0-rc.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the ProductGrid function in admin/productGrid/Grid.jsx to minimize the risk of exploitation.