CVE-2024-58296

Sažetak

CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability in the currencies administration panel that allows attackers to inject malicious scripts. Attackers can insert XSS payloads in the title field to execute arbitrary JavaScript when administrators view the currencies page.

Reference

https://demos6.softaculous.com/CE_Phoenixx3r6jqi4kl/admin/currencies.php
https://phoenixcart.org/
https://www.exploit-db.com/exploits/52015
https://www.softaculous.com/apps/ecommerce/CE_Phoenix
https://www.vulncheck.com/advisories/ce-phoenix-v-stored-cross-site-scripting-via-currencies-administration

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

12-12-2025 - 15:17

Objavljeno

11-12-2025 - 22:15