Detections
Analytics

CVE-2024-58296

medium

Description

CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability in the currencies administration panel that allows attackers to inject malicious scripts. Attackers can insert XSS payloads in the title field to execute arbitrary JavaScript when administrators view the currencies page.

References

https://www.exploit-db.com/exploits/52015

https://demos6.softaculous.com/CE_Phoenixx3r6jqi4kl/admin/currencies.php

https://www.vulncheck.com/advisories/ce-phoenix-v-stored-cross-site-scripting-via-currencies-administration

https://www.softaculous.com/apps/ecommerce/CE_Phoenix

https://phoenixcart.org/

Details

Source: Mitre, NVD

Published: 2025-12-11

Updated: 2025-12-12

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

CVSS v4

Base Score: 5.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Severity: Medium

EPSS

EPSS: 0.00051