CVE-2024-51835

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 19, 2024

CWE ID 79

Summary

CVE-2024-51835 is a Cross-site Scripting (XSS) vulnerability affecting the OpenCart Product Display module, from an undefined version up to 1.0. An attacker can inject malicious scripts into the webpage by exploiting improper input neutralization during the webpage generation process. This stored XSS vulnerability poses a significant risk, as the injected scripts can be executed in users' browsers whenever they access the affected page. Successful exploitation could allow an attacker to steal sensitive data, perform unauthorized actions, or redirect users to malicious websites. It is recommended that users immediately update their OpenCart Product Display module to a secure version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database