CVE-2024-23190

Name of the Vulnerable Software and Affected Versions No specific software name or affected versions are mentioned in the provided descriptions.

Description The issue allows an attacker to manipulate upsell shop information of an account to execute script code in the context of the user's browser session. This can be exploited if an attacker gains temporary access to a user's account or through a successful social engineering attack, luring users to maliciously configured accounts. As a result, attackers could perform malicious API requests or extract information from the user's account. The sanitization of user-defined upsell content has been improved to address this issue. There are no known publicly available exploits for this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.