Unsanitized User-Defined Script Code Execution in Upsell Shop URL

Unsanitized User-Defined Script Code Execution in Upsell Shop URL

CVE-2023-41710 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

User-defined script code could be stored for a upsell related shop URL. This code was not correctly sanitized when adding it to DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known.

Learn more about our Web Application Penetration Testing UK.