CVE-2024-58296
CE Phoenix v3.0.1 Stored Cross-Site Scripting via admin/currencies.php
CVSS Score
0.0
EPSS Score
0.3%
EPSS Percentile
24th
CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability in the currencies administration panel that allows attackers to inject malicious scripts. Attackers can insert XSS payloads in the title field to execute arbitrary JavaScript when administrators view the currencies page.
| CWE | CWE-79 |
| Vendor | phoenixcart |
| Product | ce phoenix |
| Published | Dec 11, 2025 |
| Last Updated | Jul 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for phoenixcart ce phoenix
Be the first to know when new unknown vulnerabilities affecting phoenixcart ce phoenix are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
PhoenixCart / CE Phoenix
1.0.8.20
References
exploit-db.com: https://www.exploit-db.com/exploits/52015 phoenixcart.org: https://phoenixcart.org/ demos6.softaculous.com: https://demos6.softaculous.com/CE_Phoenixx3r6jqi4kl/admin/currencies.php softaculous.com: https://www.softaculous.com/apps/ecommerce/CE_Phoenix vulncheck.com: https://www.vulncheck.com/advisories/ce-phoenix-v-stored-cross-site-scripting-via-currencies-administration
Credits
tmrswrr