.. / CVE-2024-4348

Exploit for osCommerce v4.0 - Cross-site Scripting (CVE-2024-4348)

Description:

A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely.

Nuclei Template

View the template here CVE-2024-4348.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-4348.yaml
Copy

References:

https://vuldb.com/?ctiid.262488
https://vuldb.com/?submit.320855
https://packetstormsecurity.com/files/178375/osCommerce-4-Cross-Site-Scripting.html
https://nvd.nist.gov/vuln/detail/CVE-2024-4348
https://vuldb.com/?id.262488