CVE-2024-5766 MEDIUM

CVE-2024-5766: Likeshop Merchandise admin cross site scripting

Vendor N/A
Product Likeshop
Weakness CWE-79 · XSS
Published June 8, 2024
Last update September 3, 2024

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in Likeshop up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin of the component Merchandise Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-267449 was assigned to this vulnerability.

Key dates

02Disclosure timeline

June 8, 2024 CVE published
September 3, 2024 Record updated