Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities found for LiteCart by LiteCart
CVE-2022-27168 (GCVE-0-2022-27168)
Vulnerability from nvd – Published: 2022-07-11 00:40 – Updated: 2024-08-03 05:18
VLAI?
Summary
Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:18:39.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.litecart.net/en/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/litecart/litecart"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/litecart/litecart/commit/050fea86cc162f3da2f7824f586602125a0f6d63"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN32625020/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LiteCart",
"vendor": "LiteCart",
"versions": [
{
"status": "affected",
"version": "versions prior to 2.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T00:40:19.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.litecart.net/en/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/litecart/litecart"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/litecart/litecart/commit/050fea86cc162f3da2f7824f586602125a0f6d63"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN32625020/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-27168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LiteCart",
"version": {
"version_data": [
{
"version_value": "versions prior to 2.4.2"
}
]
}
}
]
},
"vendor_name": "LiteCart"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.litecart.net/en/",
"refsource": "MISC",
"url": "https://www.litecart.net/en/"
},
{
"name": "https://github.com/litecart/litecart",
"refsource": "MISC",
"url": "https://github.com/litecart/litecart"
},
{
"name": "https://github.com/litecart/litecart/commit/050fea86cc162f3da2f7824f586602125a0f6d63",
"refsource": "MISC",
"url": "https://github.com/litecart/litecart/commit/050fea86cc162f3da2f7824f586602125a0f6d63"
},
{
"name": "https://jvn.jp/en/jp/JVN32625020/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN32625020/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-27168",
"datePublished": "2022-07-11T00:40:19.000Z",
"dateReserved": "2022-06-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:18:39.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9018 (GCVE-0-2020-9018)
Vulnerability from nvd – Published: 2020-02-25 17:13 – Updated: 2024-08-04 10:19
VLAI?
Summary
LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF to add a user.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://uploadboy.com/7njf43f167is/384/mp4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/5a8ed1c216e1a910e413535207563845.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LiteCart through 2.2.1 allows admin/?app=users\u0026doc=edit_user CSRF to add a user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-25T17:13:51.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://uploadboy.com/7njf43f167is/384/mp4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/5a8ed1c216e1a910e413535207563845.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LiteCart through 2.2.1 allows admin/?app=users\u0026doc=edit_user CSRF to add a user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://uploadboy.com/7njf43f167is/384/mp4",
"refsource": "MISC",
"url": "https://uploadboy.com/7njf43f167is/384/mp4"
},
{
"name": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/5a8ed1c216e1a910e413535207563845.pdf",
"refsource": "MISC",
"url": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/5a8ed1c216e1a910e413535207563845.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9018",
"datePublished": "2020-02-25T17:13:51.000Z",
"dateReserved": "2020-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:19:19.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9017 (GCVE-0-2020-9017)
Vulnerability from nvd – Published: 2020-02-25 16:58 – Updated: 2024-08-04 10:19
VLAI?
Summary
LiteCart through 2.2.1 allows CSV injection via a customer's profile.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://uploadboy.com/7njf43f167is/384/mp4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/e8e09da3c5702511520810527af5b313.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LiteCart through 2.2.1 allows CSV injection via a customer\u0027s profile."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-25T16:58:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://uploadboy.com/7njf43f167is/384/mp4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/e8e09da3c5702511520810527af5b313.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LiteCart through 2.2.1 allows CSV injection via a customer\u0027s profile."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://uploadboy.com/7njf43f167is/384/mp4",
"refsource": "MISC",
"url": "https://uploadboy.com/7njf43f167is/384/mp4"
},
{
"name": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/e8e09da3c5702511520810527af5b313.pdf",
"refsource": "MISC",
"url": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/e8e09da3c5702511520810527af5b313.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9017",
"datePublished": "2020-02-25T16:58:02.000Z",
"dateReserved": "2020-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:19:19.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12256 (GCVE-0-2018-12256)
Vulnerability from nvd – Published: 2018-08-16 20:00 – Updated: 2024-08-05 08:30
VLAI?
Summary
admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods&doc=vqmods request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2018-06-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.858Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/litecart/litecart/commit/2305368eb70a26cab34c772c9ae88787f4c3e669"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.litecart.net/download"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods\u0026doc=vqmods request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-16T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/litecart/litecart/commit/2305368eb70a26cab34c772c9ae88787f4c3e669"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.litecart.net/download"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods\u0026doc=vqmods request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/litecart/litecart/commit/2305368eb70a26cab34c772c9ae88787f4c3e669",
"refsource": "CONFIRM",
"url": "https://github.com/litecart/litecart/commit/2305368eb70a26cab34c772c9ae88787f4c3e669"
},
{
"name": "https://www.litecart.net/download",
"refsource": "CONFIRM",
"url": "https://www.litecart.net/download"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12256",
"datePublished": "2018-08-16T20:00:00.000Z",
"dateReserved": "2018-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:30:59.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10827 (GCVE-0-2018-10827)
Vulnerability from nvd – Published: 2018-05-09 04:00 – Updated: 2024-08-05 07:46
VLAI?
Summary
LiteCart before 2.1.2 allows remote attackers to cause a denial of service (memory consumption) via URIs that do not exist, because public_html/logs/not_found.log grows without bound, and is loaded into memory for each request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2018-05-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:47.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/litecart/litecart/issues/119"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LiteCart before 2.1.2 allows remote attackers to cause a denial of service (memory consumption) via URIs that do not exist, because public_html/logs/not_found.log grows without bound, and is loaded into memory for each request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-11T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/litecart/litecart/issues/119"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LiteCart before 2.1.2 allows remote attackers to cause a denial of service (memory consumption) via URIs that do not exist, because public_html/logs/not_found.log grows without bound, and is loaded into memory for each request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/litecart/litecart/issues/119",
"refsource": "MISC",
"url": "https://github.com/litecart/litecart/issues/119"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10827",
"datePublished": "2018-05-09T04:00:00.000Z",
"dateReserved": "2018-05-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:46:47.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7183 (GCVE-0-2014-7183)
Vulnerability from nvd – Published: 2014-10-22 14:00 – Updated: 2024-08-06 12:40
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2014-09-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128768/LiteCart-1.1.2.1-Cross-Site-Scripting.html"
},
{
"name": "20141020 LiteCart Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-7183",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533748/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netsparker.com/xss-vulnerabilities-in-litecart/"
},
{
"name": "20151119 Re: LiteCart 1.3.2: Multiple XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Nov/84"
},
{
"name": "70662",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70662"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128768/LiteCart-1.1.2.1-Cross-Site-Scripting.html"
},
{
"name": "20141020 LiteCart Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-7183",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533748/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netsparker.com/xss-vulnerabilities-in-litecart/"
},
{
"name": "20151119 Re: LiteCart 1.3.2: Multiple XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Nov/84"
},
{
"name": "70662",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70662"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/128768/LiteCart-1.1.2.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128768/LiteCart-1.1.2.1-Cross-Site-Scripting.html"
},
{
"name": "20141020 LiteCart Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-7183",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533748/100/0/threaded"
},
{
"name": "https://www.netsparker.com/xss-vulnerabilities-in-litecart/",
"refsource": "MISC",
"url": "https://www.netsparker.com/xss-vulnerabilities-in-litecart/"
},
{
"name": "20151119 Re: LiteCart 1.3.2: Multiple XSS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Nov/84"
},
{
"name": "70662",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70662"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7183",
"datePublished": "2014-10-22T14:00:00.000Z",
"dateReserved": "2014-09-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:40:19.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27168 (GCVE-0-2022-27168)
Vulnerability from cvelistv5 – Published: 2022-07-11 00:40 – Updated: 2024-08-03 05:18
VLAI?
Summary
Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:18:39.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.litecart.net/en/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/litecart/litecart"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/litecart/litecart/commit/050fea86cc162f3da2f7824f586602125a0f6d63"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN32625020/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LiteCart",
"vendor": "LiteCart",
"versions": [
{
"status": "affected",
"version": "versions prior to 2.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T00:40:19.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.litecart.net/en/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/litecart/litecart"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/litecart/litecart/commit/050fea86cc162f3da2f7824f586602125a0f6d63"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN32625020/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-27168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LiteCart",
"version": {
"version_data": [
{
"version_value": "versions prior to 2.4.2"
}
]
}
}
]
},
"vendor_name": "LiteCart"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.litecart.net/en/",
"refsource": "MISC",
"url": "https://www.litecart.net/en/"
},
{
"name": "https://github.com/litecart/litecart",
"refsource": "MISC",
"url": "https://github.com/litecart/litecart"
},
{
"name": "https://github.com/litecart/litecart/commit/050fea86cc162f3da2f7824f586602125a0f6d63",
"refsource": "MISC",
"url": "https://github.com/litecart/litecart/commit/050fea86cc162f3da2f7824f586602125a0f6d63"
},
{
"name": "https://jvn.jp/en/jp/JVN32625020/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN32625020/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-27168",
"datePublished": "2022-07-11T00:40:19.000Z",
"dateReserved": "2022-06-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:18:39.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9018 (GCVE-0-2020-9018)
Vulnerability from cvelistv5 – Published: 2020-02-25 17:13 – Updated: 2024-08-04 10:19
VLAI?
Summary
LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF to add a user.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://uploadboy.com/7njf43f167is/384/mp4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/5a8ed1c216e1a910e413535207563845.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LiteCart through 2.2.1 allows admin/?app=users\u0026doc=edit_user CSRF to add a user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-25T17:13:51.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://uploadboy.com/7njf43f167is/384/mp4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/5a8ed1c216e1a910e413535207563845.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LiteCart through 2.2.1 allows admin/?app=users\u0026doc=edit_user CSRF to add a user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://uploadboy.com/7njf43f167is/384/mp4",
"refsource": "MISC",
"url": "https://uploadboy.com/7njf43f167is/384/mp4"
},
{
"name": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/5a8ed1c216e1a910e413535207563845.pdf",
"refsource": "MISC",
"url": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/5a8ed1c216e1a910e413535207563845.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9018",
"datePublished": "2020-02-25T17:13:51.000Z",
"dateReserved": "2020-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:19:19.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9017 (GCVE-0-2020-9017)
Vulnerability from cvelistv5 – Published: 2020-02-25 16:58 – Updated: 2024-08-04 10:19
VLAI?
Summary
LiteCart through 2.2.1 allows CSV injection via a customer's profile.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://uploadboy.com/7njf43f167is/384/mp4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/e8e09da3c5702511520810527af5b313.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LiteCart through 2.2.1 allows CSV injection via a customer\u0027s profile."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-25T16:58:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://uploadboy.com/7njf43f167is/384/mp4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/e8e09da3c5702511520810527af5b313.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LiteCart through 2.2.1 allows CSV injection via a customer\u0027s profile."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://uploadboy.com/7njf43f167is/384/mp4",
"refsource": "MISC",
"url": "https://uploadboy.com/7njf43f167is/384/mp4"
},
{
"name": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/e8e09da3c5702511520810527af5b313.pdf",
"refsource": "MISC",
"url": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/e8e09da3c5702511520810527af5b313.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9017",
"datePublished": "2020-02-25T16:58:02.000Z",
"dateReserved": "2020-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:19:19.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12256 (GCVE-0-2018-12256)
Vulnerability from cvelistv5 – Published: 2018-08-16 20:00 – Updated: 2024-08-05 08:30
VLAI?
Summary
admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods&doc=vqmods request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2018-06-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.858Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/litecart/litecart/commit/2305368eb70a26cab34c772c9ae88787f4c3e669"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.litecart.net/download"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods\u0026doc=vqmods request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-16T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/litecart/litecart/commit/2305368eb70a26cab34c772c9ae88787f4c3e669"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.litecart.net/download"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods\u0026doc=vqmods request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/litecart/litecart/commit/2305368eb70a26cab34c772c9ae88787f4c3e669",
"refsource": "CONFIRM",
"url": "https://github.com/litecart/litecart/commit/2305368eb70a26cab34c772c9ae88787f4c3e669"
},
{
"name": "https://www.litecart.net/download",
"refsource": "CONFIRM",
"url": "https://www.litecart.net/download"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12256",
"datePublished": "2018-08-16T20:00:00.000Z",
"dateReserved": "2018-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:30:59.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10827 (GCVE-0-2018-10827)
Vulnerability from cvelistv5 – Published: 2018-05-09 04:00 – Updated: 2024-08-05 07:46
VLAI?
Summary
LiteCart before 2.1.2 allows remote attackers to cause a denial of service (memory consumption) via URIs that do not exist, because public_html/logs/not_found.log grows without bound, and is loaded into memory for each request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2018-05-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:47.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/litecart/litecart/issues/119"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LiteCart before 2.1.2 allows remote attackers to cause a denial of service (memory consumption) via URIs that do not exist, because public_html/logs/not_found.log grows without bound, and is loaded into memory for each request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-11T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/litecart/litecart/issues/119"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LiteCart before 2.1.2 allows remote attackers to cause a denial of service (memory consumption) via URIs that do not exist, because public_html/logs/not_found.log grows without bound, and is loaded into memory for each request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/litecart/litecart/issues/119",
"refsource": "MISC",
"url": "https://github.com/litecart/litecart/issues/119"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10827",
"datePublished": "2018-05-09T04:00:00.000Z",
"dateReserved": "2018-05-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:46:47.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7183 (GCVE-0-2014-7183)
Vulnerability from cvelistv5 – Published: 2014-10-22 14:00 – Updated: 2024-08-06 12:40
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2014-09-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128768/LiteCart-1.1.2.1-Cross-Site-Scripting.html"
},
{
"name": "20141020 LiteCart Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-7183",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533748/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netsparker.com/xss-vulnerabilities-in-litecart/"
},
{
"name": "20151119 Re: LiteCart 1.3.2: Multiple XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Nov/84"
},
{
"name": "70662",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70662"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128768/LiteCart-1.1.2.1-Cross-Site-Scripting.html"
},
{
"name": "20141020 LiteCart Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-7183",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533748/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netsparker.com/xss-vulnerabilities-in-litecart/"
},
{
"name": "20151119 Re: LiteCart 1.3.2: Multiple XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Nov/84"
},
{
"name": "70662",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70662"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/128768/LiteCart-1.1.2.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128768/LiteCart-1.1.2.1-Cross-Site-Scripting.html"
},
{
"name": "20141020 LiteCart Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-7183",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533748/100/0/threaded"
},
{
"name": "https://www.netsparker.com/xss-vulnerabilities-in-litecart/",
"refsource": "MISC",
"url": "https://www.netsparker.com/xss-vulnerabilities-in-litecart/"
},
{
"name": "20151119 Re: LiteCart 1.3.2: Multiple XSS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Nov/84"
},
{
"name": "70662",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70662"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7183",
"datePublished": "2014-10-22T14:00:00.000Z",
"dateReserved": "2014-09-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:40:19.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}