Vulnerability in Online Shopping System Advanced software

CVE ID: CVE-2024-3579
Publication date: 14 May 2024
Vendor: Puneeth Reddy
Product: Online Shopping System Advanced
Vulnerable versions: All
Vulnerability type (CWE): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
Report source: Own research

Description

During its own research, CERT Polska found a Reflected Cross-Site Scripting (XSS) vulnerability in the Online Shopping System Advanced open-source project and assigned it the identifier CVE-2024-3579. An attacker might trick somebody into using a crafted URL, which will cause a script to be run in the user's browser.

As the author has been unresponsive to our inquiries, it is believed that all versions of the system are vulnerable.


More about the coordinated vulnerability disclosure process at CERT Polska can be found at https://cert.pl/en/cvd/.