CVE-2024-5766

CVSS 2.0 Score 3.3 of 10 (low)

Details

Published Jun 8, 2024

Updated: Jun 10, 2024

CWE ID 79

Summary

CVE-2024-5766 is a newly identified vulnerability affecting Likeshop up to version 2.5.7. This issue involves the Merchandise Handler component and specifically impacts the processing of the /admin file. The vulnerability results in cross-site scripting (XSS), enabling an attacker to inject malicious code into a user's browser. The attack can be executed remotely, potentially leading to unauthorized access or data theft. The Vulnerability Database has assigned the identifier VDB-267449 to this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Likeshop

Affected Vendors

Likeshop

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/wWIqkE
https://www.cve.org/CVERecord?id=CVE-2024-5766
https://nvd.nist.gov/vuln/detail/CVE-2024-5766

Back to Vulnerability Database