Home

Description

Open-source project Online Shopping System Advanced is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser.

PUBLISHED Reserved 2024-04-10 | Published 2024-05-14 | Updated 2024-08-01 | Assigner CERT-PL

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Default status
affected

Any version
affected

Credits

Krzysztof Zając (CERT.PL) finder

References

cert.pl/en/posts/2024/05/CVE-2024-3579 third-party-advisory

cert.pl/posts/2024/05/CVE-2024-3579 third-party-advisory

cert.pl/en/posts/2024/05/CVE-2024-3579 third-party-advisory

cert.pl/posts/2024/05/CVE-2024-3579 third-party-advisory

cve.org (CVE-2024-3579)

nvd.nist.gov (CVE-2024-3579)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.