Medium severity5.4NVD Advisory· Published Oct 21, 2024· Updated Jun 17, 2026
CVE-2024-40746
CVE-2024-40746
Description
A stored cross-site scripting (XSS) vulnerability in HikaShop Joomla Component < 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the description parameter of any product. The description parameter is not sanitised in the backend.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- hikashop.com/HikaShop component for Joomlav5Range: 1.0.0-5.1.0
Patches
Vulnerability mechanics
References
1- www.hikashop.comnvdProduct
News mentions
0No linked articles in our index yet.