CVE-2024-10743

Name of the Vulnerable Software and Affected Versions PHPGurukul Online Shopping Portal version 2.0

Description A vulnerability was found in the PHPGurukul Online Shopping Portal, allowing for cross-site scripting (XSS) attacks. The issue is related to an unknown function in the file /shopping/admin/assets/plugins/DataTables/examples/examples support/editable ajax.php, where the manipulation of the argument value leads to XSS. This can be exploited remotely. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For PHPGurukul Online Shopping Portal version 2.0, patch immediately and validate all user inputs to prevent malicious script injection. As a temporary workaround, consider restricting access to the vulnerable file editable ajax.php until a patch is available. Avoid using potentially vulnerable functions in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.