Cs-cart

Cs-cart

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8

CVE-2025-50849

  • EPSS 0.04%
  • Veröffentlicht 31.07.2025 15:15:36
  • Zuletzt bearbeitet 31.07.2025 18:42:37

CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR). The user profile functionality allows enabling or disabling stickers through a parameter (company_id) sent in the request. However, this operation is not properly validated on t...

6.1

CVE-2025-50848

  • EPSS 0.03%
  • Veröffentlicht 31.07.2025 00:00:00
  • Zuletzt bearbeitet 06.08.2025 16:35:06

A file upload vulnerability was discovered in CS Cart 4.18.3, allows attackers to execute arbitrary code. CS Cart 4.18.3 allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This allows an attacker to up...

8.6

CVE-2025-50850

  • EPSS 0.07%
  • Veröffentlicht 31.07.2025 00:00:00
  • Zuletzt bearbeitet 06.08.2025 16:34:48

An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and ...

6.5

CVE-2025-50847

  • EPSS 0.1%
  • Veröffentlicht 31.07.2025 00:00:00
  • Zuletzt bearbeitet 06.08.2025 16:36:17

Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list via a crafted HTTP request.

6.1

CVE-2021-32202

  • EPSS 0.24%
  • Veröffentlicht 14.09.2021 12:15:08
  • Zuletzt bearbeitet 21.11.2024 06:06:54

In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" filed in the blog post creation page.

9

CVE-2017-15673

  • EPSS 0.42%
  • Veröffentlicht 28.11.2017 15:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page.

5.4

CVE-2017-10886

  • EPSS 0.25%
  • Veröffentlicht 17.11.2017 14:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via uns...

8.8

CVE-2017-2138

  • EPSS 0.14%
  • Veröffentlicht 02.08.2017 16:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication...

8.8

CVE-2016-4862

  • EPSS 2.43%
  • Veröffentlicht 20.04.2017 18:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers.

6.8

CVE-2015-2701

Exploit
  • EPSS 0.82%
  • Veröffentlicht 25.03.2015 14:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/.