CNNVD-202512-2058 Information
CNNVD ID
CNNVD-202512-2058
Related CVE
- CNNVD Published: 2025-12-11
Description (Chinese)
CE Phoenix是Phoenix Cart开源的一个功能强大的电子商务商店。 CE Phoenix v3.0.1版本存在跨站脚本漏洞,该漏洞源于货币管理面板中存在存储型跨站脚本,可能导致执行任意JavaScript。
Description (English)
CE Phoenix is a powerful e-commerce shop that is an open source for Phoenix Cart. CE Phoenix v3.0.1 has a cross-site script loophole, which stems from the existence of a stored cross-site script in the currency management panel, which may result in the execution of any JavaScript.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Phoenix Cart
Published
2025-12-11
Last Modified
2026-02-24
References
https://demos6.softaculous.com/CE_Phoenixx3r6jqi4kl/admin/currencies.php https://phoenixcart.org/ https://www.exploit-db.com/exploits/52015 https://www.softaculous.com/apps/ecommerce/CE_Phoenix https://www.vulncheck.com/advisories/ce-phoenix-v-stored-cross-site-scripting-via-currencies-administration
Patch
https://phoenixcart.org/download_ce_phoenix.php
Share on: