PT-2023-25119 · Activeitzone · Active It Zone Active Ecommerce Cms

Skalvin · Published 2023-07-04 · Updated 2024-05-17 · CVE-2023-3506

CVSS v3.1 · 6.1 · Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Active It Zone Active eCommerce CMS version 6.5.0

Description

A vulnerability was found in the Create Ticket Page component, specifically affecting the file /ecommerce/support ticket. The issue arises from the manipulation of the details argument with malicious input, such as <script>alert(1)</script>, leading to cross-site scripting. This attack can be initiated remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations

For Active It Zone Active eCommerce CMS version 6.5.0, as a temporary workaround, consider restricting access to the Create Ticket Page or disabling the manipulation of the details argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-3506

Affected Products

Active It Zone Active Ecommerce Cms