CVE-2024-45366 — Cross-site Scripting in E-commerce

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 50.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Welcart E-commerce Welcart INC Welcart E-commerce

Timeline

PublishedSep 18

Description

Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDwelcart/welcart_e-commerce< 2.11.2

▶CVEListV5welcart_inc/welcart_e-commerceprior to 2.11.2

🔴Vulnerability Details

CVEList

CVE-2024-45366: Welcart e-Commerce prior to 2↗2024-09-18

▶

GHSA

GHSA-2382-xh76-j493: Welcart e-Commerce prior to 2↗2024-09-18

▶