PT-2024-29025 · Joomla · Hikashop

Published 2024-10-21 · Updated 2024-10-29 · CVE-2024-40746

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: HikaShop Joomla Component versions prior to 5.1.1

Description: A stored cross-site scripting (XSS) issue allows remote attackers to execute arbitrary JavaScript in a user's web browser. This is achieved by including a malicious payload in the description parameter of any product, which is not sanitized in the backend.

Recommendations: For versions prior to 5.1.1, update to version 5.1.1 or later to resolve the issue. As a temporary workaround, consider sanitizing the description parameter in the backend to prevent malicious JavaScript execution.
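The pattern the advisory describes and the sanitize-in-the-backend workaround it recommends, as an added PHP example that is not HikaShop's or Joomla's own code. It assumes plain PHP with the DOM extension and nothing else; the function names, the allowlists and the sample product description are constructed for illustration (in a real Joomla extension the framework's own InputFilter class serves the same purpose).

```php
<?php
// Added example, not HikaShop's or Joomla's code. Shows a product description
// echoed into the page unchanged (the vulnerable pattern) next to an allowlist
// sanitizer applied on the backend before the value is stored. All names here
// are hypothetical.

// Constructed sample of what a user with product-editing rights could submit.
const SAMPLE_DESCRIPTION = '<p>Great <b>widget</b></p>'
    . '<img src="x" onerror="alert(1)">'
    . '<a href="javascript:alert(1)">deal</a>'
    . '<script>alert(1)</script>';

// Vulnerable pattern: whatever was stored is emitted verbatim, so any markup
// the editor submitted runs in every visitor's browser.
function renderDescriptionUnsafe(string $stored): string
{
    return '<div class="product-description">' . $stored . '</div>';
}

// Accept a URL only if it is relative or uses an allowlisted scheme. Whitespace
// and control characters are stripped first because browsers ignore them inside
// a scheme, so "java\tscript:" would otherwise slip through.
function urlSchemeIsSafe(string $url, array $safeSchemes): bool
{
    $probe = preg_replace('/[\x00-\x20]+/', '', $url);
    if (!preg_match('/^([a-z][a-z0-9+.-]*):/i', $probe, $m)) {
        return true; // no scheme present: relative URL
    }
    return in_array(strtolower($m[1]), $safeSchemes, true);
}

// Walk the tree: drop script/style with their contents, unwrap tags outside the
// allowlist (keeping their text), and strip every attribute not explicitly
// allowed for that tag. Descendants are cleaned before a parent is unwrapped so
// nothing moved up the tree escapes the pass.
function cleanNode(DOMNode $node, array $allowedTags, array $allowedAttrs, array $safeSchemes): void
{
    foreach (iterator_to_array($node->childNodes, false) as $child) {
        if (!($child instanceof DOMElement)) {
            if (!($child instanceof DOMText)) {
                $node->removeChild($child); // comments, processing instructions
            }
            continue;
        }
        $tag = strtolower($child->tagName);
        if ($tag === 'script' || $tag === 'style') {
            $node->removeChild($child);
            continue;
        }
        cleanNode($child, $allowedTags, $allowedAttrs, $safeSchemes);
        if (!in_array($tag, $allowedTags, true)) {
            while ($child->firstChild !== null) {
                $node->insertBefore($child->firstChild, $child);
            }
            $node->removeChild($child);
            continue;
        }
        foreach (iterator_to_array($child->attributes, false) as $attr) {
            $name = strtolower($attr->name);
            $keep = in_array($name, $allowedAttrs[$tag] ?? [], true);
            if ($keep && ($name === 'href' || $name === 'src')) {
                $keep = urlSchemeIsSafe($attr->value, $safeSchemes);
            }
            if (!$keep) {
                $child->removeAttribute($attr->name);
            }
        }
    }
}

// Backend-side sanitizer: call this on the submitted description before saving.
// A rich-text field legitimately needs some markup, so an allowlist is used
// rather than escaping everything.
function sanitizeDescription(string $html): string
{
    $allowedTags  = ['p', 'br', 'b', 'strong', 'i', 'em', 'ul', 'ol', 'li', 'a', 'img'];
    $allowedAttrs = ['a' => ['href'], 'img' => ['src', 'alt']];
    $safeSchemes  = ['http', 'https'];

    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // libxml warns on HTML5 tags it does not know
    $doc->loadHTML(
        '<?xml encoding="UTF-8"><div id="root">' . $html . '</div>',
        LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD
    );
    libxml_clear_errors();

    $root = (new DOMXPath($doc))->query('//div[@id="root"]')->item(0);
    cleanNode($root, $allowedTags, $allowedAttrs, $safeSchemes);

    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Unsafe: the event handler, javascript: link and script tag all reach the page.
echo renderDescriptionUnsafe(SAMPLE_DESCRIPTION), PHP_EOL;
// Safe: sanitized on save, so the stored value contains only the formatting tags.
echo renderDescriptionUnsafe(sanitizeDescription(SAMPLE_DESCRIPTION)), PHP_EOL;
```

Sanitizing at save time is the workaround the advisory names, but output-side encoding in the template is the defence in depth that also covers descriptions already stored before the fix; the sanitizer above can be run over existing rows for the same reason.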

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-40746

Affected Products: Hikashop