What the vulnerability does
Description
Unauthenticated cross-site scripting (XSS) in eCommerce Product Catalog versions <= 3.5.4.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
The eCommerce Product Catalog contains a cross-site scripting (XSS) vulnerability in versions up to 3.5.4. An attacker can inject malicious scripts that execute in the browsers of site visitors. The vulnerability requires user interaction—typically clicking a crafted link—and can affect multiple users across the site. Update to a version newer than 3.5.4 to remediate.
What an attacker can do
Inject malicious scripts that run in visitors' browsers, stealing session cookies or redirecting users.
Potential impact on your site
Visitors' browsers can be compromised; their sessions hijacked or credentials stolen via phishing.
Conditions required to exploit
Attacker crafts a malicious link; a site visitor must click it or visit a compromised page.