Reflected Cross-Site Scripting Vulnerability in osCommerce 4
CVE-2024-4348

Currently unrated

Key Information:

Vendor: osCommerce

CVE Published: 30 April 2024

What is CVE-2024-4348?

A reflected cross-site scripting vulnerability has been identified in osCommerce 4, affecting an unspecified function within the /catalog/all-products file. Manipulating the 'cat' argument allows an attacker to execute arbitrary scripts in the user's browser. The issue can be exploited remotely, making it critical for users to implement security measures to prevent potential attacks. The vendor was notified early about this vulnerability but has not responded, leaving users at risk of exploitation. It's essential for administrators to remain vigilant and apply appropriate security patches and updates.
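A log-review check for the request described above, as an added example that is not part of the original advisory or of osCommerce. It assumes combined-format web server access logs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Path and parameter name are taken from the advisory text.
TARGET_PATH = "/catalog/all-products"
TARGET_PARAM = "cat"
# Assumption: combined-format access log with the request line in double quotes.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let a reflected value leave HTML text or attribute context.
HTML_META = re.compile(r"[<>\"']")

# Constructed sample lines (documentation IP ranges, harmless markup only).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/May/2024:10:00:01 +0000] "GET /catalog/all-products?cat=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/May/2024:10:00:07 +0000] "GET /catalog/all-products?cat=%22%3E%3Cb%3Eprobe HTTP/1.1" 200 5188',
    '203.0.113.9 - - [01/May/2024:10:00:09 +0000] "GET /catalog/all-products?cat=%253Cb%253Eprobe HTTP/1.1" 200 5190',
    '198.51.100.2 - - [01/May/2024:10:01:00 +0000] "GET /catalog/search?cat=%3Cb%3E HTTP/1.1" 200 900',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_cat_values(log_lines):
    """Return (line_number, decoded_value) where 'cat' carries markup characters."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path.rstrip("/") != TARGET_PATH:
            continue  # only the endpoint named in the advisory
        # parse_qsl decodes once; fully_decode catches double encoding.
        for key, raw in parse_qsl(url.query, keep_blank_values=True):
            value = fully_decode(raw)
            if key == TARGET_PARAM and HTML_META.search(value):
                hits.append((line_no, value))
    return hits

if __name__ == "__main__":
    for line_no, value in suspicious_cat_values(SAMPLE_LOG):
        print(f"line {line_no}: cat={value!r}")
```

Treat hits as leads for review rather than confirmed attacks, since a quote character can appear in a legitimate parameter value.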

EPSS Score

23% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published