CVE-2024-5766

LOW

Likeshop < 2.5.7 - XSS

Title source: rule

Description

A vulnerability was found in Likeshop up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin of the component Merchandise Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-267449 was assigned to this vulnerability.

Exploits (1)

gitee 4,387 stars

by likeshop_1 · phpwriteup

https://gitee.com/likeshop_gitee/likeshop/issues/I9TAHP

References (3)

[Issue Tracking, Third Party Advisory] https://gitee.com/likeshop_gitee/likeshop/issues/I9TAHP

[Permissions Required, Third Party Advisory, VDB Entry] https://vuldb.com/?ctiid.267449

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.267449

Scores

CVSS v3 2.4

EPSS 0.0010

EPSS Percentile 27.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

likeshop/likeshop 2.5.0 - 2.5.7

Published Jun 08, 2024

Tracked Since Feb 18, 2026