Cross Site Scripting Vulnerability in InnoShop by Innocommerce
CVE-2024-57277

5.7 MEDIUM

Key Information:

CVE Published: 24 January 2025

What is CVE-2024-57277?

InnoShop versions up to 0.3.8 are susceptible to Cross Site Scripting (XSS) through SVG file uploads. An attacker who exploits this vulnerability can have malicious script execute within the user's browser, which can lead to unauthorized access to sensitive user data, session hijacking, and a compromised user experience on the platform. Web administrators are advised to upgrade to the latest version and implement input validation to mitigate potential security threats.

CVSS V3.1

Score: 5.7
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
