CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability in the currencies administration panel that allows attackers to inject malicious scripts. Attackers can insert XSS payloads in the title field to execute arbitrary JavaScript when administrators view the currencies page.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Phoenixcart |
|
No data.
No data.
References
History
Fri, 12 Dec 2025 09:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Phoenixcart
Phoenixcart ce Phoenix Cart |
|
| Vendors & Products |
Phoenixcart
Phoenixcart ce Phoenix Cart |
Thu, 11 Dec 2025 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability in the currencies administration panel that allows attackers to inject malicious scripts. Attackers can insert XSS payloads in the title field to execute arbitrary JavaScript when administrators view the currencies page. | |
| Title | CE Phoenix v3.0.1 Stored Cross-Site Scripting via admin/currencies.php | |
| Weaknesses | CWE-79 | |
| References |
|
|
| Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: VulnCheck
Published: 2025-12-11T21:38:04.687Z
Updated: 2025-12-11T21:38:04.687Z
Reserved: 2025-12-11T00:58:28.456Z
Link: CVE-2024-58296
Vulnrichment
No data.
NVD
Status : Awaiting Analysis
Published: 2025-12-11T22:15:50.740
Modified: 2025-12-12T15:17:31.973
Link: CVE-2024-58296
Redhat
No data.