CVE Catalog

CVE-2023-3788

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.52%

40th percentile — higher than 40% of all known CVEs

Summary

A vulnerability has been found in ActiveITzone Active Super Shop CMS 2.5 that allows cross site scripting (XSS) attacks through manipulation of the arguments name, phone, and address on the Manage Details Page. The attack can be initiated remotely.

Risk Assessment

This vulnerability poses a risk of exploitation by malicious users to inject scripts, potentially leading to data theft or session hijacking.

Recommendation

It is recommended to update to the latest version of the CMS and implement input filtering and validation to minimize the risk of XSS attacks.

Original NVD description (English source)

A vulnerability, which was classified as problematic, has been found in ActiveITzone Active Super Shop CMS 2.5. This issue affects some unknown processing of the component Manage Details Page. The manipulation of the argument name/phone/address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235055.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS