Stored cross-site scripting (XSS)

DATE

08.10.2023

Affected Vendor

thirty bees – an open-source e-commerce platform https://thirtybees.com/ (GitHub page: https://github.com/thirtybees/thirtybees)

Affected Product

thirty bees Core

Vulnerable version

1.4.0

Fixed version

1.5.0

CVSS

6.9 Medium CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N

Recommendations

Update to version 1.5.0 or newer

Vulnerability details

A stored cross-site scripting (XSS) vulnerability was discovered in the Core.

CVE

CVE-2023-45957

Credits

Ulaş Deniz İlhan

References

https://github.com/thirtybees/thirtybees/commit/f5b2c1e0094ce53fded1443bab99a604ae8e2968
https://nvd.nist.gov/vuln/detail/CVE-2023-45957

Do you think the security of your data might be lacking? Let's find the best approach together.
Once you contact us, we will ask you about the project you want to secure.

Have Any Questions?

thirty bees – Stored cross-site scripting (XSS)

NEED A CONSULTATION?

contact@zigrin.com

GPG Key

Get a free consultation