{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-58296", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-12-11T00:58:28.456Z", "datePublished": "2025-12-11T21:38:04.687Z", "dateUpdated": "2025-12-16T16:31:28.553Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CE Phoenix", "vendor": "PhoenixCart", "versions": [{"status": "affected", "version": "1.0.8.20"}]}], "credits": [{"lang": "en", "type": "finder", "value": "tmrswrr"}], "datePublic": "2023-11-25T00:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability in the currencies administration panel that allows attackers to inject malicious scripts. Attackers can insert XSS payloads in the title field to execute arbitrary JavaScript when administrators view the currencies page.</p>"}], "value": "CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability in the currencies administration panel that allows attackers to inject malicious scripts. Attackers can insert XSS payloads in the title field to execute arbitrary JavaScript when administrators view the currencies page."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.3, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-12-11T21:38:04.687Z"}, "references": [{"name": "ExploitDB-52015", "tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/52015"}, {"name": "PhoenixCart Homepage", "tags": ["product"], "url": "https://phoenixcart.org/"}, {"name": "CE Phoenix Admin Panel Demo", "tags": ["exploit", "media-coverage"], "url": "https://demos6.softaculous.com/CE_Phoenixx3r6jqi4kl/admin/currencies.php"}, {"name": "SoftAculous CE Phoenix App Page", "tags": ["product"], "url": "https://www.softaculous.com/apps/ecommerce/CE_Phoenix"}, {"tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/ce-phoenix-v-stored-cross-site-scripting-via-currencies-administration"}], "source": {"discovery": "UNKNOWN"}, "title": "CE Phoenix v3.0.1 Stored Cross-Site Scripting via admin/currencies.php", "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-16T16:27:38.229788Z", "id": "CVE-2024-58296", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-16T16:31:28.553Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-58296", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-16T16:27:38.229788Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-16T16:28:11.921Z"}}], "cna": {"title": "CE Phoenix v3.0.1 Stored Cross-Site Scripting via admin/currencies.php", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "tmrswrr"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "PhoenixCart", "product": "CE Phoenix", "versions": [{"status": "affected", "version": "1.0.8.20"}], "defaultStatus": "unaffected"}], "datePublic": "2023-11-25T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/52015", "name": "ExploitDB-52015", "tags": ["exploit"]}, {"url": "https://phoenixcart.org/", "name": "PhoenixCart Homepage", "tags": ["product"]}, {"url": "https://demos6.softaculous.com/CE_Phoenixx3r6jqi4kl/admin/currencies.php", "name": "CE Phoenix Admin Panel Demo", "tags": ["exploit", "media-coverage"]}, {"url": "https://www.softaculous.com/apps/ecommerce/CE_Phoenix", "name": "SoftAculous CE Phoenix App Page", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/ce-phoenix-v-stored-cross-site-scripting-via-currencies-administration", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability in the currencies administration panel that allows attackers to inject malicious scripts. Attackers can insert XSS payloads in the title field to execute arbitrary JavaScript when administrators view the currencies page.", "supportingMedia": [{"type": "text/html", "value": "<p>CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability in the currencies administration panel that allows attackers to inject malicious scripts. Attackers can insert XSS payloads in the title field to execute arbitrary JavaScript when administrators view the currencies page.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-12-11T21:38:04.687Z"}}}, "cveMetadata": {"cveId": "CVE-2024-58296", "state": "PUBLISHED", "dateUpdated": "2025-12-16T16:31:28.553Z", "dateReserved": "2025-12-11T00:58:28.456Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2025-12-11T21:38:04.687Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability in the currencies administration panel that allows attackers to inject malicious scripts. Attackers can insert XSS payloads in the title field to execute arbitrary JavaScript when administrators view the currencies page."}], "id": "CVE-2024-58296", "lastModified": "2025-12-12T15:17:31.973", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2025-12-11T22:15:50.740", "references": [{"source": "disclosure@vulncheck.com", "url": "https://demos6.softaculous.com/CE_Phoenixx3r6jqi4kl/admin/currencies.php"}, {"source": "disclosure@vulncheck.com", "url": "https://phoenixcart.org/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/52015"}, {"source": "disclosure@vulncheck.com", "url": "https://www.softaculous.com/apps/ecommerce/CE_Phoenix"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/ce-phoenix-v-stored-cross-site-scripting-via-currencies-administration"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"created": "2025-12-12T08:49:43.208821+00:00", "updated": "2025-12-12T08:49:43.208848+00:00", "vendors": ["phoenixcart", "phoenixcart$PRODUCT$ce_phoenix_cart"]}