CVE-2024-23191

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions.

Description Upsell advertisement information of an account can be manipulated to execute script code in the context of the user's browser session. To exploit this, an attacker would require temporary access to a user's account or a successful social engineering attack to lure users to maliciously configured accounts. Attackers could perform malicious API requests or extract information from the user's account. Sanitization of user-defined upsell content has been improved. No publicly available exploits are known.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.