
Description

CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability in the currencies administration panel that allows attackers to inject malicious scripts. Attackers can insert XSS payloads in the title field to execute arbitrary JavaScript when administrators view the currencies page.

PUBLISHED Reserved 2025-12-11 | Published 2025-12-11 | Updated 2025-12-16 | Assigner VulnCheck




MEDIUM: 5.3 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Default status: unaffected

1.0.8.20: affected

Credits

tmrswrr (finder)

References

www.exploit-db.com/exploits/52015 (ExploitDB-52015) exploit

phoenixcart.org/ (PhoenixCart Homepage) product

demos6.softaculous.com/...nixx3r6jqi4kl/admin/currencies.php (CE Phoenix Admin Panel Demo) exploit media-coverage

www.softaculous.com/apps/ecommerce/CE_Phoenix (SoftAculous CE Phoenix App Page) product

www.vulncheck.com/...scripting-via-currencies-administration third-party-advisory

cve.org (CVE-2024-58296)

nvd.nist.gov (CVE-2024-58296)


Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.