CVE-2023-41962

Name of the Vulnerable Software and Affected Versions Welcart e-Commerce versions 2.7 to 2.8.21

Description A cross-site scripting issue in the Credit Card Payment Setup page allows a remote unauthenticated attacker to inject an arbitrary script into the page. This enables the attacker to execute malicious code, potentially leading to unauthorized actions or data exposure.

Recommendations For Welcart e-Commerce versions 2.7 to 2.8.21, update to a version later than 2.8.21 to resolve the issue. As a temporary workaround, consider restricting access to the Credit Card Payment Setup page until a patch is available.