CVE-2024-4073

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Apr 23, 2024

Updated: Jun 20, 2024

CWE ID 79

Summary

CVE-2024-4073 is a newly disclosed vulnerability affecting the Kashipara Online Furniture Shopping Ecommerce Website version 1.0. This issue lies within an unidentified functionality of the prodList.php file. Manipulation of the prodType argument triggers cross-site scripting (XSS), allowing attackers to inject malicious code into a victim's web browser. The exploit can be executed remotely, increasing the potential threat to users. The vulnerability details have been made public, raising concerns about its widespread exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/w6Y8aF
https://www.cve.org/CVERecord?id=CVE-2024-4073
https://nvd.nist.gov/vuln/detail/CVE-2024-4073

Back to Vulnerability Database

CVE-2024-4073

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations