CVE-2025-57407
- EPSS 0.03%
- Published 23.09.2025 16:15:32
- Last modified 08.10.2025 18:10:20
A stored cross-site scripting (XSS) vulnerability in the Admin Log Viewer of S-Cart <=10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's b...
CVE-2022-21149
- EPSS 0.17%
- Published 01.05.2022 16:15:08
- Last modified 21.11.2024 06:43:59
The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that us...
CVE-2021-44111
- EPSS 0.13%
- Published 11.02.2022 18:15:10
- Last modified 21.11.2024 06:30:22
A Directory Traversal vulnerability exists in S-Cart 6.7 via download in sc-admin/backup.
CVE-2021-38847
- EPSS 0.87%
- Published 01.11.2021 15:15:07
- Last modified 21.11.2024 06:18:05
S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted IMG file.
CVE-2020-28456
- EPSS 0.33%
- Published 15.12.2020 16:15:15
- Last modified 21.11.2024 05:22:50
The package s-cart/core before 4.4 is vulnerable to Cross-site Scripting (XSS) via the admin panel.
CVE-2020-28457
- EPSS 0.32%
- Published 15.12.2020 16:15:15
- Last modified 21.11.2024 05:22:50
This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS.