Report an incident
Report an incident

Vulnerability in Online Shopping System Advanced software
CVE ID CVE-2024-3579
Publication date 14 May 2024
Vendor Puneeth Reddy
Product Online Shopping System Advanced
Vulnerable versions All
Vulnerability type (CWE) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
Report source Own research


During its own research, CERT Polska has found a Reflected Cross-Site Scripting (XSS) vulnerability in Online Shopping System Advanced open-source project and assigned it an identifier CVE-2024-3579. An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. 

As the author has been unresponsive to our inquires, it is believed that all versions of the system are vulnerable.

More about the coordinated vulnerability disclosure process at CERT Polska can be found at