PT-2023-26157 · Activeitzone · Active Super Shop Cms
Published
2023-07-20
·
Updated
2024-05-17
·
CVE-2023-3788
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
ActiveITzone Active Super Shop CMS version 2.5
Description
A problematic issue has been found in the Manage Details Page component, where the manipulation of the
name, phone, or address arguments leads to cross-site scripting. The attack can be initiated remotely.Recommendations
For ActiveITzone Active Super Shop CMS version 2.5, consider disabling the Manage Details Page component until a patch is available. Restrict access to this component to minimize the risk of exploitation. Avoid using the
name, phone, or address arguments in the affected component until the issue is resolved.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Active Super Shop Cms