CVE-2024-40746

CVE-2024-40746: Extension - hikashop.com - Stored cross site scripting vulnerability in Hikashop component for Joomla < 5.1.1

Vendor Hikashop.com
Product HikaShop component for Joomla
Weakness CWE-79 · XSS
Published October 21, 2024
Last update March 20, 2025

CVSS base score

What the vulnerability does

01Description

A stored cross-site scripting (XSS) vulnerability in HikaShop Joomla Component < 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the `description` parameter of any product. The `description `parameter is not sanitised in the backend.

Key dates

02Disclosure timeline

October 21, 2024 CVE published
March 20, 2025 Record updated