CVE-2024-40746

Extension - hikashop.com - Stored cross site scripting vulnerability in Hikashop component for Joomla < 5.1.1

Description

A stored cross-site scripting (XSS) vulnerability in HikaShop Joomla Component < 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the `description` parameter of any product. The `description `parameter is not sanitised in the backend.

INFO

Published Date :

2024-10-21T16:16:32.627Z

Last Modified :

2025-03-20T04:35:06.479Z

Source :

Joomla

AFFECTED PRODUCTS

The following products are affected by CVE-2024-40746 vulnerability.

Vendors	Products
Hikashop	Hikashop

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-40746.

URL	Resource
https://www.hikashop.com/

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact