PT-2026-31729 · Joomla · Virtuemart
Cracker · Published 2026-04-09 · Updated 2026-04-09
CVE-2023-54362
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Joomla VirtueMart Shopping-Cart version 4.0.12
Description
A reflected cross-site scripting issue exists that allows attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft malicious URLs containing script payloads in the keyword parameter of the product-variants endpoint to execute arbitrary JavaScript in victim browsers and potentially steal session tokens or credentials.
Recommendations
Update to a newer version that contains a fix for this vulnerability.
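A defender's check for the pattern described above, as an added example that is not part of the original advisory: it scans web access-log lines for product-variants requests whose keyword parameter decodes to HTML markup, including nested URL-encoding. The request path, log format and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Markup that lets a reflected value leave plain-text context in HTML.
MARKUP = re.compile(r'[<>"]|javascript:|\bon\w+\s*=', re.IGNORECASE)
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (combined-log style); path and values are made up.
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Apr/2026:10:00:00 +0000] "GET /product-variants?keyword=blue+shirt HTTP/1.1" 200 5120',
    '203.0.113.9 - - [09/Apr/2026:10:00:03 +0000] "GET /product-variants?keyword=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5301',
    '203.0.113.9 - - [09/Apr/2026:10:00:07 +0000] "GET /product-variants?keyword=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5288',
    '203.0.113.7 - - [09/Apr/2026:10:00:09 +0000] "GET /index.php?keyword=%3Cb%3E HTTP/1.1" 200 812',
]

def decode_fully(value, rounds=3):
    """Undo nested URL-encoding (%253C -> %3C -> <), bounded to a few rounds."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_keyword(log_line):
    """Return the decoded keyword if this is a product-variants request
    whose keyword parameter carries markup, otherwise None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if "product-variants" not in url.path:
        return None
    # parse_qs decodes once; decode_fully handles any further layers.
    for raw in parse_qs(url.query, keep_blank_values=True).get("keyword", []):
        value = decode_fully(raw)
        if MARKUP.search(value):
            return value
    return None

def flag_lines(lines):
    """Return (line_number, decoded_keyword) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_keyword(line)
        if value is not None:
            hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in flag_lines(SAMPLE_LOG):
        print(f"line {number}: keyword carries markup: {value!r}")
```

Hits from this check are leads for review rather than proof of exploitation; upgrading the component remains the fix.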
Exploit
Fix
XSS
Affected Products
Virtuemart