Vulnerabilities > Hikashop

DATE	CVE	VULNERABILITY TITLE	RISK
2024-10-21	CVE-2024-40746	Cross-site Scripting vulnerability in Hikashop A stored cross-site scripting (XSS) vulnerability in HikaShop Joomla Component < 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the `description` parameter of any product. network low complexity hikashop CWE-79	5.4
2023-08-07	CVE-2023-38044	SQL Injection vulnerability in Hikashop Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. network low complexity hikashop CWE-89 critical	9.8
2020-03-09	CVE-2015-7344	Cross-site Scripting vulnerability in Hikashop 2.5.0 HikaShop Joomla Component before 2.6.0 has XSS via an injected payload[/caption]. network low complexity hikashop CWE-79	4.8

Vulnerabilities > Hikashop {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Hikashop"}]}