Reflected XSS Vulnerability in Jigoshop - Store Toolkit
CVE-2024-51712

7.1HIGH

Key Information:

Vendor: Visser Labs
Status: Jigoshop – Store Toolkit
Vendor: CVE Published:; 9 November 2024

Summary

The vulnerability in the Visser Labs Jigoshop – Store Toolkit is due to improper neutralization of input during web page generation, which allows for reflected Cross-Site Scripting (XSS). An attacker can exploit this flaw to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized actions or data theft. This affects all versions up to 1.4.0 of the Jigoshop – Store Toolkit, posing a significant risk to the security of web applications utilizing this plugin.

Affected Version(s)

Jigoshop – Store Toolkit <= 1.4.0

References

https://patchstack.com/database/vulnerability/jigoshop-st...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 9, 2024
Vulnerability Reserved
Oct 30, 2024

Credit

Zlrqh (Patchstack Alliance)