PT-2025-50750 · Unknown · Ce Phoenix
Tmrswrr · Published 2025-12-11 · Updated 2025-12-12
CVE-2024-58296
CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
CE Phoenix version 3.0.1
Description
CE Phoenix version 3.0.1 has a stored cross-site scripting (XSS) issue in the currencies administration panel. An attacker can inject malicious scripts by inserting XSS payloads into the title field. When an administrator views the currencies page, the injected script runs in the administrator's browser, which allows execution of arbitrary JavaScript.
Recommendations
Apply a fix to sanitize the title field in the currencies administration panel to prevent the injection of malicious scripts.
Exploit
Fix
XSS
Affected Products
Ce Phoenix