CVE-2023-54364

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score: 6.1 / 10
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vulnerability Description

Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating GET parameters in the product filter endpoint. Attackers can craft malicious URLs containing XSS payloads in the from_option, from_ctrl, from_task, or from_itemid parameters to steal session tokens or login credentials when victims visit the link.

Vulnerability Details

Published Date:
Last Modified:
CWE ID: CWE-79
Source: NVD
Vendor: Hikashop
Product: Joomla HikaShop
