CVE-2024-12991

Name of the Vulnerable Software and Affected Versions Beijing Longda Jushang Technology DBShop商城系统 version 3.3 Release 231225

Description A cross-site scripting issue affects the /home-order file, where manipulating the orderStatus argument with a specific input leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted about this disclosure but did not respond.

Recommendations For Beijing Longda Jushang Technology DBShop商城系统 version 3.3 Release 231225, consider implementing input validation for the orderStatus parameter in the /home-order file as a temporary workaround until a patch is available. Restrict access to the /home-order file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.