CVE-2023-26447

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions.

Description The issue concerns a widget that allows specifying a product description, which is taken from a user-controllable source and added to the DOM without proper escaping. This allows malicious script code to be executed within the victim's context, potentially leading to session hijacking or triggering unwanted actions via the web interface and API. Exploitation requires temporary access to the user's account or luring a user to a compromised account. The issue has been addressed by sanitizing the content.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.