XSS in Phoenixcart Ce Phoenix
CVE-2024-58296
CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability in the currencies administration panel that allows attackers to inject malicious scripts. Attackers can insert XSS payloads in the title field to execute arbitrary Java…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.003 (22.6th percentile)
Affected products
- Phoenixcart Ce Phoenix — versions 1.0.8.20
Weakness classification (CWE)