MEDIUM
KC Group
CVE published 2023-11-23
CVE-2023-4406
CVE-2023-4406 is a reflected cross-site scripting (XSS) vulnerability in KC Group E-Commerce Software affecting versions through 2023-11-23. The issue is tracked by NVD with CWE-79 and a CVSS 3.1 score of 6.1 (medium). Because exploitation requires user interaction and can execute in a browser context, it is most important for internet-facing deployments that accept or reflect untrusted input. The vendor [truncated]