CVE-2024-54412

Name of the Vulnerable Software and Affected Versions: Ecommerce Templates ECT Product Carousel versions n/a through 1.9

Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS in Ecommerce Templates ECT Product Carousel. This means an attacker can perform actions on behalf of a user without their knowledge, potentially leading to malicious activities such as stealing user data or taking control of the user's session. The Stored XSS aspect of the vulnerability enables attackers to inject malicious scripts into the website, which are then stored and executed by the application, affecting other users.

Recommendations: For versions n/a through 1.9, update to a version that includes a fix for this issue, as using an updated version is the most effective way to mitigate the risk of CSRF and Stored XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.