CVE-2023-26688

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Sep 25, 2024
Updated: Sep 26, 2024
CWE ID 79

Summary

CVE-2023-26688 is a Cross Site Scripting (XSS) vulnerability found in CS-Cart MultiVendor version 4.16.1, which allows remote attackers to execute arbitrary code through the product_data parameter in the administration interface. Affected products include those using this specific version of CS-Cart MultiVendor, which could lead to potential security breaches if exploited. The vulnerability has been rated as medium severity with a CVSS base score of 5.4, indicating that it requires low privileges and user interaction to be exploited over a network. To remediate this issue, organizations are advised to update their CS-Cart MultiVendor installations to a patched version that addresses this vulnerability. Failure to do so may expose sensitive data and compromise the integrity of the affected systems.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share