Vulnerability vector:
- Base vulnerability score (CVSSv3.1): CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
- Severity (CVSSv3.1): 8.4 (high)
- Base vulnerability score (CVSSv4.0): CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
- Severity (CVSSv4.0): 9.3 (critical)
Description:
The vulnerability was identified in Netcat (netshop module), version 6.4 Extra.
The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user.
Vulnerability status: Confirmed by vendor
Date of vulnerability remediation: 20.08.2024
Recommendations:
- Update to version or higher
Additional information:
Researcher: Aleksey Solovev (Positive Technologies)