CVE-2023-3788
LowCVSS 3.5Exploitation Probability (EPSS)
Low risk40th percentile — higher than 40% of all known CVEs
Summary
A vulnerability has been found in ActiveITzone Active Super Shop CMS 2.5 that allows cross site scripting (XSS) attacks through manipulation of the arguments name, phone, and address on the Manage Details Page. The attack can be initiated remotely.
Risk Assessment
This vulnerability poses a risk of exploitation by malicious users to inject scripts, potentially leading to data theft or session hijacking.
Recommendation
It is recommended to update to the latest version of the CMS and implement input filtering and validation to minimize the risk of XSS attacks.
Original NVD description (English source)
A vulnerability, which was classified as problematic, has been found in ActiveITzone Active Super Shop CMS 2.5. This issue affects some unknown processing of the component Manage Details Page. The manipulation of the argument name/phone/address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235055.

