CVE-2024-12991 | Beijing Longda Jushang Technology DBShop商城系统 3.3 Release 231225 /home-order orderStatus cross site scripting

A vulnerability was found in Beijing Longda Jushang Technology DBShop商城系统 3.3 Release 231225. It has been declared as problematic. This vulnerability affects unknown code of the file /home-order. The manipulation of the argument orderStatus with the input %22%3E%3Csvg%20onload=alert(5888)%3E leads to cross site scripting.

This vulnerability was named CVE-2024-12991. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-12991 | Beijing Longda Jushang Technology DBShop商城系统 3.3 Release 231225 /home-order orderStatus cross site scripting

Post correlati

CVE-2024-24898 | openEuler Kernel prior 4.19.90-2403.4.0.0244 information disclosure

CVE-2024-43376 | Umbraco CMS up to 14.1.1 Management API information exposure

CVE-2024-32577 | Codeboxr Team CBX Bookmark & Favorite Plugin up to 1.7.20 on WordPress cross site scripting

CVE-2024-56560 | Linux Kernel up to 6.12.3 slab create_cache denial of service