CVE-2023-54362
MEDIUMJoomla VirtueMart Shopping-Cart 4.0.12 Reflected XSS via keyword
Title source: cnaDescription
Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft malicious URLs containing script payloads in the keyword parameter of the product-variants endpoint to execute arbitrary JavaScript in victim browsers and steal session tokens or credentials.
Exploits (1)
Scores
CVSS v3
6.1
EPSS
0.0003
EPSS Percentile
9.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
Virtuemart/Cart
4.0.12
Published
Apr 09, 2026
Tracked Since
Apr 10, 2026