Vulnerability Description
Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating GET parameters in the product filter endpoint. Attackers can craft malicious URLs containing XSS payloads in the from_option, from_ctrl, from_task, or from_itemid parameters to steal session tokens or login credentials when victims visit the link.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://demo.hikashop.com/index.php/en/
- https://www.exploit-db.com/exploits/51629
- https://www.hikashop.com/
- https://www.vulncheck.com/advisories/joomla-hikashop-reflected-xss-via-product-f
FAQ
What is CVE-2023-54364?
CVE-2023-54364 is a reflected cross-site scripting vulnerability in Joomla HikaShop 4.7.4 with a CVSS score of 6.1 (MEDIUM). It allows unauthenticated attackers to inject malicious scripts by manipulating GET parameters in the product filter endpoint.
How severe is CVE-2023-54364?
CVE-2023-54364 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-54364?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.