Vulnerability Details CVE-ID: CVE-2023-4707 Product: Infosoftbd Clcknshop 1.0.0 Vulnerability Type: Cross Site Scripting (XSS) File Affected: /collection/all Vulnerability Classification: Problematic CWE-ID: CWE-79 Impact: Affects the integrity of the web page Description: The vulnerability is caused by the manipulation of the argument 'q' with an unknown input leading to a cross-site scripting vulnerability. The product fails to properly neutralize user-controllable input before it is used as a web page served to other users. The vulnerability can be exploited remotely, and an exploit is available. Additional Notes: The vulnerability was published on 01/09/2023. Successful exploitation requires user interaction. The vulnerability is associated with ATT&CK Technique T1059.007. The vendor was contacted but did not respond. A proof-of-concept is declared. No countermeasures are known; it is suggested to replace the affected product.