6.9
CVE-2026-23797
- EPSS 0.25%
- Veröffentlicht 05.02.2026 11:07:55
- Zuletzt bearbeitet 19.02.2026 18:30:15
- Quelle cvd@cert.pl
- CVE-Watchlists
- Unerledigt
Plaintext password display in Quick.Cart
In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Opensolution ≫ Quick.Cart Version6.7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.154 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
| cvd@cert.pl | 6.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-256 Plaintext Storage of a Password
Storing a password in plaintext may result in a system compromise.
https://opensolution.org/sklep-internetowy-quick-cart.html
https://cert.pl/posts/2026/02/CVE-2026-23796