CVE-2024-58296
MEDIUM
CE Phoenix v3.0.1 - XSS
Title source: llm
Description
CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability in the currencies administration panel that allows attackers to inject malicious scripts. Attackers can insert XSS payloads in the title field to execute arbitrary JavaScript when administrators view the currencies page.
Exploits (1)
References (5)
Scores
CVSS v4
5.3
EPSS
0.0010
EPSS Percentile
26.8%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Details
CWE
CWE-79
Status
published
Products (1)
PhoenixCart/CE Phoenix
1.0.8.20
Published
Dec 11, 2025
Tracked Since
Feb 18, 2026