CVE-2024-4348 | osCommerce 4 /catalog/all-products cat cross site scripting

Inserito da Angelo Barbosa | Apr 30, 2024 | CVE

A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting.

This vulnerability is traded as CVE-2024-4348. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-4348 | osCommerce 4 /catalog/all-products cat cross site scripting

Post correlati

CVE-2024-22021 | Veeam Recovery Orchestrator Plan information disclosure

CVE-2023-50777 | PaaSLane Estimate Plugin up to 1.0.4 on Jenkins Job Configuration Form information disclosure

CVE-2024-4391 | Happy Addons for Elementor Plugin up to 3.10.7 on WordPress Event Calendar Widget cross site scripting

CVE-2024-2281 | boyiddha Automated-Mess-Management-System 1.0 Setting /admin/index.php access control