CVE-2023-54364
MEDIUM 6.1
Description
Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating GET parameters in the product filter endpoint. Attackers can craft malicious URLs containing XSS payloads in the from_option, from_ctrl, from_task, or from_itemid parameters to steal session tokens or login credentials when victims visit the link.
CVE Details
CVSS v3.1 score: 6.1
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 4/9/2026
Last modified: 4/15/2026
Source: nvd
Honeypot sightings: 0
Weaknesses (CWE)
CWE-79
References
https://demo.hikashop.com/index.php/en/ (disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/51629 (disclosure@vulncheck.com)
https://www.hikashop.com/ (disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/joomla-hikashop-reflected-xss-via-product-filter (disclosure@vulncheck.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.