PT-2019-14218 · Laravel · Laracom

Belguinan · Published 2019-08-26 · Updated 2022-05-24 · CVE-2019-15489

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

laracom (aka Laravel FREE E-Commerce Software) version 1.4.11

Description

The issue is a cross-site scripting (XSS) vulnerability. It occurs via the search query: the search?q= parameter is vulnerable to XSS attacks. No information is provided about the estimated number of potentially affected devices or real-world incidents.

Recommendations

For version 1.4.11, as a temporary workaround, consider restricting access to the search functionality until a patch is available. Avoid using the search?q= parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS


Weakness Enumeration

Related Identifiers

CVE-2019-15489
GHSA-QC2P-6QRF-25J2

Affected Products

Laracom