Reflected XSS Vulnerability in SureCart
CVE-2024-43970

7.1HIGH

Key Information:

Vendor: WordPress
Status: Surecart
Vendor: CVE Published:; 18 September 2024

What is CVE-2024-43970?

A reflected Cross-Site Scripting (XSS) vulnerability exists in SureCart that allows attackers to inject malicious scripts via improperly validated user input. This can lead to session hijacking, data theft, and other malicious activities, affecting users of SureCart versions n/a to 2.29.3. Site administrators are urged to apply recommended security measures to protect their applications.

Affected Version(s)

SureCart <= 2.29.3

References

https://patchstack.com/database/vulnerability/surecart/wo...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 18, 2024

CVE-2024-43970 Data

JSON

WordPress

What is CVE-2024-43970?

Affected Version(s)

References

CVSS V3.1

Timeline