PT-2026-31731 · Hikashop · Hikashop
Cracker · Published 2026-04-09 · Updated 2026-04-09 · CVE-2023-54364
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
HikaShop version 4.7.4
Description
HikaShop version 4.7.4 contains a reflected cross-site scripting issue that allows unauthenticated attackers to inject malicious scripts. Attackers can manipulate GET parameters in the product filter endpoint to achieve this. Specifically, the from_option, from_ctrl, from_task, and from_itemid parameters are vulnerable. Successful exploitation could allow attackers to steal session tokens or login credentials.
Recommendations
Update HikaShop to a newer version that contains a fix for this vulnerability.
Exploit
Fix
XSS
Affected Products
Hikashop