Search

Find a vulnerability

Search criteria

    36 vulnerabilities found for cs-cart by cs-cart

    CVE-2025-50850 (GCVE-0-2025-50850)

    Vulnerability from nvd – Published: 2025-07-31 00:00 – Updated: 2025-07-31 19:57
    VLAI
    Summary
    An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and passwords (brute-force attack) to gain unauthorized access to vendor accounts. The absence of any blocking mechanism makes the login endpoint susceptible to automated attacks.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.6,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-50850",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-31T19:51:44.917545Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-804",
                    "description": "CWE-804 Guessable CAPTCHA",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-31T19:57:19.017Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and passwords (brute-force attack) to gain unauthorized access to vendor accounts. The absence of any blocking mechanism makes the login endpoint susceptible to automated attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-31T15:39:52.563Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "http://cs.com"
            },
            {
              "url": "https://github.com/hackerwahab/CS-Cart-Vulns/blob/main/CVE-2025-50850.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-50850",
        "datePublished": "2025-07-31T00:00:00.000Z",
        "dateReserved": "2025-06-16T00:00:00.000Z",
        "dateUpdated": "2025-07-31T19:57:19.017Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-50848 (GCVE-0-2025-50848)

    Vulnerability from nvd – Published: 2025-07-31 00:00 – Updated: 2025-07-31 19:58
    VLAI
    Summary
    A file upload vulnerability was discovered in CS Cart 4.18.3, allows attackers to execute arbitrary code. CS Cart 4.18.3 allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This allows an attacker to upload a crafted HTML file containing malicious content, such as a fake login form for credential harvesting or scripts for Cross-Site Scripting (XSS) attacks. Since the content is served from a trusted domain, it significantly increases the likelihood of successful phishing or script execution against other users.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-50848",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-31T19:57:54.209444Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-31T19:58:25.756Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A file upload vulnerability was discovered in CS Cart 4.18.3, allows attackers to execute arbitrary code. CS Cart 4.18.3 allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This allows an attacker to upload a crafted HTML file containing malicious content, such as a fake login form for credential harvesting or scripts for Cross-Site Scripting (XSS) attacks. Since the content is served from a trusted domain, it significantly increases the likelihood of successful phishing or script execution against other users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-31T15:57:36.275Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "http://cs.com"
            },
            {
              "url": "https://github.com/hackerwahab/CS-Cart-Vulns/blob/main/CVE-2025-50848.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-50848",
        "datePublished": "2025-07-31T00:00:00.000Z",
        "dateReserved": "2025-06-16T00:00:00.000Z",
        "dateUpdated": "2025-07-31T19:58:25.756Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-50847 (GCVE-0-2025-50847)

    Vulnerability from nvd – Published: 2025-07-31 00:00 – Updated: 2025-07-31 19:51
    VLAI
    Summary
    Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list via a crafted HTTP request.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-50847",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-31T19:50:30.992521Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-352",
                    "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-31T19:51:08.514Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, allows attackers to add products to a user\u0027s comparison list via a crafted HTTP request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-31T15:42:14.761Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "http://cs.com"
            },
            {
              "url": "https://github.com/hackerwahab/CS-Cart-Vulns/blob/main/CVE-2025-50847.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-50847",
        "datePublished": "2025-07-31T00:00:00.000Z",
        "dateReserved": "2025-06-16T00:00:00.000Z",
        "dateUpdated": "2025-07-31T19:51:08.514Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-32202 (GCVE-0-2021-32202)

    Vulnerability from nvd – Published: 2021-09-14 11:37 – Updated: 2024-08-03 23:17
    VLAI
    Summary
    In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" filed in the blog post creation page.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:17:29.209Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/l00neyhacker/CVE-2021-32202"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the \"post description\" filed in the blog post creation page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-14T11:37:58.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/l00neyhacker/CVE-2021-32202"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-32202",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the \"post description\" filed in the blog post creation page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/l00neyhacker/CVE-2021-32202",
                  "refsource": "MISC",
                  "url": "https://github.com/l00neyhacker/CVE-2021-32202"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-32202",
        "datePublished": "2021-09-14T11:37:58.000Z",
        "dateReserved": "2021-05-07T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:17:29.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-15673 (GCVE-0-2017-15673)

    Vulnerability from nvd – Published: 2017-11-28 15:00 – Updated: 2024-08-05 19:57
    VLAI
    Summary
    The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2017-11-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:57:27.597Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/145096/CSC-Cart-4.6.2-Shell-Upload.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-11-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-28T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/145096/CSC-Cart-4.6.2-Shell-Upload.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-15673",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://packetstormsecurity.com/files/145096/CSC-Cart-4.6.2-Shell-Upload.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/145096/CSC-Cart-4.6.2-Shell-Upload.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-15673",
        "datePublished": "2017-11-28T15:00:00.000Z",
        "dateReserved": "2017-10-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T19:57:27.597Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10886 (GCVE-0-2017-10886)

    Vulnerability from nvd – Published: 2017-11-17 14:00 – Updated: 2024-08-05 17:50
    VLAI
    Summary
    Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    URL Tags
    https://jvn.jp/en/jp/JVN29602086/index.html third-party-advisoryx_refsource_JVN
    http://tips.cs-cart.jp/fix-jvn-29602086.html x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Frogman Office Inc. CS-Cart Japanese Edition Affected: v4.3.10 and earlier (excluding v2 and v3)
    Create a notification for this product.
    Frogman Office Inc. CS-Cart Multivendor Japanese Edition Affected: v4.3.10 and earlier (excluding v2 and v3)
    Create a notification for this product.
    Date Public
    2017-11-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.728Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#29602086",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN29602086/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://tips.cs-cart.jp/fix-jvn-29602086.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CS-Cart Japanese Edition",
              "vendor": "Frogman Office Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v4.3.10 and earlier (excluding v2 and v3)"
                }
              ]
            },
            {
              "product": "CS-Cart Multivendor Japanese Edition",
              "vendor": "Frogman Office Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v4.3.10 and earlier (excluding v2 and v3)"
                }
              ]
            }
          ],
          "datePublic": "2017-11-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-17T13:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#29602086",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN29602086/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://tips.cs-cart.jp/fix-jvn-29602086.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-10886",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CS-Cart Japanese Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v4.3.10 and earlier (excluding v2 and v3)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CS-Cart Multivendor Japanese Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v4.3.10 and earlier (excluding v2 and v3)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Frogman Office Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#29602086",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN29602086/index.html"
                },
                {
                  "name": "http://tips.cs-cart.jp/fix-jvn-29602086.html",
                  "refsource": "CONFIRM",
                  "url": "http://tips.cs-cart.jp/fix-jvn-29602086.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-10886",
        "datePublished": "2017-11-17T14:00:00.000Z",
        "dateReserved": "2017-07-04T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:50:12.728Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2138 (GCVE-0-2017-2138)

    Vulnerability from nvd – Published: 2017-08-02 16:00 – Updated: 2024-08-05 13:39
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site request forgery
    Assigner
    References
    URL Tags
    https://jvn.jp/en/jp/JVN87770873/index.html third-party-advisoryx_refsource_JVN
    http://tips.cs-cart.jp/fix-csrf-20170406.html x_refsource_MISC
    Impacted products
    Vendor Product Version
    Frogman Office Inc. CS-Cart Japanese Edition Affected: v4.3.10 and earlier (excluding v2 and v3)
    Create a notification for this product.
    Frogman Office Inc. CS-Cart Multivendor Japanese Edition Affected: v4.3.10 and earlier (excluding v2 and v3)
    Create a notification for this product.
    Date Public
    2017-08-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:39:32.358Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#87770873",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN87770873/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://tips.cs-cart.jp/fix-csrf-20170406.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CS-Cart Japanese Edition",
              "vendor": "Frogman Office Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v4.3.10 and earlier (excluding v2 and v3)"
                }
              ]
            },
            {
              "product": "CS-Cart Multivendor Japanese Edition",
              "vendor": "Frogman Office Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v4.3.10 and earlier (excluding v2 and v3)"
                }
              ]
            }
          ],
          "datePublic": "2017-08-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site request forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-02T15:57:02.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#87770873",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN87770873/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://tips.cs-cart.jp/fix-csrf-20170406.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2138",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CS-Cart Japanese Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v4.3.10 and earlier (excluding v2 and v3)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CS-Cart Multivendor Japanese Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v4.3.10 and earlier (excluding v2 and v3)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Frogman Office Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site request forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#87770873",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN87770873/index.html"
                },
                {
                  "name": "http://tips.cs-cart.jp/fix-csrf-20170406.html",
                  "refsource": "MISC",
                  "url": "http://tips.cs-cart.jp/fix-csrf-20170406.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2138",
        "datePublished": "2017-08-02T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:39:32.358Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4862 (GCVE-0-2016-4862)

    Vulnerability from nvd – Published: 2017-04-20 18:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/92992 vdb-entryx_refsource_BID
    http://tips.cs-cart.jp/fix-twigmo-vulnerability-2… x_refsource_CONFIRM
    http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-0… third-party-advisoryx_refsource_JVNDB
    http://jvn.jp/en/jp/JVN55389065/index.html third-party-advisoryx_refsource_JVN
    Date Public
    2016-09-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:38.544Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "92992",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/92992"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://tips.cs-cart.jp/fix-twigmo-vulnerability-20160914.html"
              },
              {
                "name": "JVNDB-2016-000157",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000157.html"
              },
              {
                "name": "JVN#55389065",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN55389065/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-09-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-04-20T17:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "92992",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/92992"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://tips.cs-cart.jp/fix-twigmo-vulnerability-20160914.html"
            },
            {
              "name": "JVNDB-2016-000157",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000157.html"
            },
            {
              "name": "JVN#55389065",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN55389065/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-4862",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "92992",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/92992"
                },
                {
                  "name": "http://tips.cs-cart.jp/fix-twigmo-vulnerability-20160914.html",
                  "refsource": "CONFIRM",
                  "url": "http://tips.cs-cart.jp/fix-twigmo-vulnerability-20160914.html"
                },
                {
                  "name": "JVNDB-2016-000157",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000157.html"
                },
                {
                  "name": "JVN#55389065",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN55389065/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-4862",
        "datePublished": "2017-04-20T18:00:00.000Z",
        "dateReserved": "2016-05-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:38.544Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2701 (GCVE-0-2015-2701)

    Vulnerability from nvd – Published: 2015-03-25 14:00 – Updated: 2024-08-06 05:24
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/show/osvdb/119632 vdb-entryx_refsource_OSVDB
    http://www.exploit-db.com/exploits/36358 exploitx_refsource_EXPLOIT-DB
    http://www.securityfocus.com/bid/72658 vdb-entryx_refsource_BID
    Date Public
    2015-03-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:24:37.988Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "119632",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/show/osvdb/119632"
              },
              {
                "name": "36358",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/36358"
              },
              {
                "name": "72658",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/72658"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-03-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-01T15:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "119632",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/show/osvdb/119632"
            },
            {
              "name": "36358",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/36358"
            },
            {
              "name": "72658",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/72658"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-2701",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "119632",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/show/osvdb/119632"
                },
                {
                  "name": "36358",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/36358"
                },
                {
                  "name": "72658",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/72658"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-2701",
        "datePublished": "2015-03-25T14:00:00.000Z",
        "dateReserved": "2015-03-25T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:24:37.988Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-7317 (GCVE-0-2013-7317)

    Vulnerability from nvd – Published: 2014-01-24 15:00 – Updated: 2024-09-17 02:32
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) settings_file or (2) data_file parameter to (a) ampie.swf, (b) amline.swf, or (c) amcolumn.swf.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/405942 third-party-advisoryx_refsource_CERT-VN
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:01:20.321Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#405942",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/405942"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) settings_file or (2) data_file parameter to (a) ampie.swf, (b) amline.swf, or (c) amcolumn.swf."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-01-24T15:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "VU#405942",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/405942"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-7317",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) settings_file or (2) data_file parameter to (a) ampie.swf, (b) amline.swf, or (c) amcolumn.swf."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#405942",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/405942"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-7317",
        "datePublished": "2014-01-24T15:00:00.000Z",
        "dateReserved": "2014-01-24T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:32:17.527Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-0118 (GCVE-0-2013-0118)

    Vulnerability from nvd – Published: 2013-02-24 11:00 – Updated: 2024-09-17 02:51
    VLAI
    Summary
    CS-Cart before 3.0.6, when PayPal Standard Payments is configured, allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/583564 third-party-advisoryx_refsource_CERT-VN
    http://www.kb.cert.org/vuls/id/BLUU-949PQL x_refsource_CONFIRM
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T14:18:08.662Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#583564",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/583564"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/BLUU-949PQL"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CS-Cart before 3.0.6, when PayPal Standard Payments is configured, allows remote attackers to set the payment recipient via a modified value of the merchant\u0027s e-mail address, as demonstrated by setting the recipient to one\u0027s self."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-02-24T11:00:00.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#583564",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/583564"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kb.cert.org/vuls/id/BLUU-949PQL"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2013-0118",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CS-Cart before 3.0.6, when PayPal Standard Payments is configured, allows remote attackers to set the payment recipient via a modified value of the merchant\u0027s e-mail address, as demonstrated by setting the recipient to one\u0027s self."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#583564",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/583564"
                },
                {
                  "name": "http://www.kb.cert.org/vuls/id/BLUU-949PQL",
                  "refsource": "CONFIRM",
                  "url": "http://www.kb.cert.org/vuls/id/BLUU-949PQL"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2013-0118",
        "datePublished": "2013-02-24T11:00:00.000Z",
        "dateReserved": "2012-12-06T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:51:28.439Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-4891 (GCVE-0-2009-4891)

    Vulnerability from nvd – Published: 2010-06-11 14:00 – Updated: 2024-08-07 07:17
    VLAI
    Summary
    SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a products.view action.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.exploit-db.com/exploits/8184 exploitx_refsource_EXPLOIT-DB
    http://www.securityfocus.com/bid/34048 vdb-entryx_refsource_BID
    Date Public
    2009-03-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:17:26.073Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cscart-productid-sql-injection(49154)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49154"
              },
              {
                "name": "8184",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/8184"
              },
              {
                "name": "34048",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34048"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-03-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a products.view action."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "cscart-productid-sql-injection(49154)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49154"
            },
            {
              "name": "8184",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/8184"
            },
            {
              "name": "34048",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34048"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-4891",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a products.view action."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "cscart-productid-sql-injection(49154)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49154"
                },
                {
                  "name": "8184",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/8184"
                },
                {
                  "name": "34048",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34048"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-4891",
        "datePublished": "2010-06-11T14:00:00.000Z",
        "dateReserved": "2010-06-11T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:17:26.073Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-2579 (GCVE-0-2009-2579)

    Vulnerability from nvd – Published: 2009-08-05 19:00 – Updated: 2024-08-07 05:59
    VLAI
    Summary
    SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/35936 vdb-entryx_refsource_BID
    http://secunia.com/advisories/36112 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/505492/100… mailing-listx_refsource_BUGTRAQ
    http://www.bonsai-sec.com/research/vulnerabilitie… x_refsource_MISC
    http://www.cs-cart.com/changelog206.html x_refsource_CONFIRM
    Date Public
    2009-08-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:59:55.625Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "35936",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/35936"
              },
              {
                "name": "36112",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36112"
              },
              {
                "name": "20090804 [BONSAI] SQL Injection in CS-Cart",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/505492/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.bonsai-sec.com/research/vulnerabilities/cs-cart_SQL-injection-0100.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.cs-cart.com/changelog206.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-08-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "35936",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/35936"
            },
            {
              "name": "36112",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36112"
            },
            {
              "name": "20090804 [BONSAI] SQL Injection in CS-Cart",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/505492/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.bonsai-sec.com/research/vulnerabilities/cs-cart_SQL-injection-0100.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.cs-cart.com/changelog206.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-2579",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "35936",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/35936"
                },
                {
                  "name": "36112",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36112"
                },
                {
                  "name": "20090804 [BONSAI] SQL Injection in CS-Cart",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/505492/100/0/threaded"
                },
                {
                  "name": "http://www.bonsai-sec.com/research/vulnerabilities/cs-cart_SQL-injection-0100.txt",
                  "refsource": "MISC",
                  "url": "http://www.bonsai-sec.com/research/vulnerabilities/cs-cart_SQL-injection-0100.txt"
                },
                {
                  "name": "http://www.cs-cart.com/changelog206.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.cs-cart.com/changelog206.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-2579",
        "datePublished": "2009-08-05T19:00:00.000Z",
        "dateReserved": "2009-07-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:59:55.625Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-6394 (GCVE-0-2008-6394)

    Vulnerability from nvd – Published: 2009-03-04 17:00 – Updated: 2024-08-07 11:27
    VLAI
    Summary
    SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the cs_cookies[customer_user_id] cookie parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.exploit-db.com/exploits/6352 exploitx_refsource_EXPLOIT-DB
    http://secunia.com/advisories/31686 third-party-advisoryx_refsource_SECUNIA
    http://www.gulftech.org/?node=research&article_id… x_refsource_MISC
    http://www.securityfocus.com/archive/1/495907/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/30979 vdb-entryx_refsource_BID
    Date Public
    2008-09-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:27:35.827Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "6352",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/6352"
              },
              {
                "name": "31686",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31686"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.gulftech.org/?node=research\u0026article_id=00128-09022008"
              },
              {
                "name": "20080902 CS-Cart \u003c= 1.3.5 SQL Injection",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/495907/100/0/threaded"
              },
              {
                "name": "cscart-user-sql-injection(44852)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44852"
              },
              {
                "name": "30979",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30979"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the cs_cookies[customer_user_id] cookie parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "6352",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/6352"
            },
            {
              "name": "31686",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31686"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.gulftech.org/?node=research\u0026article_id=00128-09022008"
            },
            {
              "name": "20080902 CS-Cart \u003c= 1.3.5 SQL Injection",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/495907/100/0/threaded"
            },
            {
              "name": "cscart-user-sql-injection(44852)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44852"
            },
            {
              "name": "30979",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30979"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-6394",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the cs_cookies[customer_user_id] cookie parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "6352",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/6352"
                },
                {
                  "name": "31686",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31686"
                },
                {
                  "name": "http://www.gulftech.org/?node=research\u0026article_id=00128-09022008",
                  "refsource": "MISC",
                  "url": "http://www.gulftech.org/?node=research\u0026article_id=00128-09022008"
                },
                {
                  "name": "20080902 CS-Cart \u003c= 1.3.5 SQL Injection",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/495907/100/0/threaded"
                },
                {
                  "name": "cscart-user-sql-injection(44852)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44852"
                },
                {
                  "name": "30979",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30979"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-6394",
        "datePublished": "2009-03-04T17:00:00.000Z",
        "dateReserved": "2009-03-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T11:27:35.827Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1458 (GCVE-0-2008-1458)

    Vulnerability from nvd – Published: 2008-03-24 18:00 – Updated: 2024-08-07 08:24
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a products search action. NOTE: it was also reported that 1.3.5-SP2 trial edition is also affected.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/29468 third-party-advisoryx_refsource_SECUNIA
    http://securityreason.com/securityalert/3762 third-party-advisoryx_refsource_SREASON
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/28333 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/489857/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2008-03-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:24:41.709Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "29468",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29468"
              },
              {
                "name": "3762",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3762"
              },
              {
                "name": "cscart-index-xss(41306)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41306"
              },
              {
                "name": "28333",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28333"
              },
              {
                "name": "20080319 CS-Cart XSS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/489857/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a products search action.  NOTE: it was also reported that 1.3.5-SP2 trial edition is also affected."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "29468",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29468"
            },
            {
              "name": "3762",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3762"
            },
            {
              "name": "cscart-index-xss(41306)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41306"
            },
            {
              "name": "28333",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28333"
            },
            {
              "name": "20080319 CS-Cart XSS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/489857/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1458",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a products search action.  NOTE: it was also reported that 1.3.5-SP2 trial edition is also affected."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "29468",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29468"
                },
                {
                  "name": "3762",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3762"
                },
                {
                  "name": "cscart-index-xss(41306)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41306"
                },
                {
                  "name": "28333",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28333"
                },
                {
                  "name": "20080319 CS-Cart XSS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/489857/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1458",
        "datePublished": "2008-03-24T18:00:00.000Z",
        "dateReserved": "2008-03-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:24:41.709Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-50847 (GCVE-0-2025-50847)

    Vulnerability from cvelistv5 – Published: 2025-07-31 00:00 – Updated: 2025-07-31 19:51
    VLAI
    Summary
    Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list via a crafted HTTP request.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-50847",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-31T19:50:30.992521Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-352",
                    "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-31T19:51:08.514Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, allows attackers to add products to a user\u0027s comparison list via a crafted HTTP request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-31T15:42:14.761Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "http://cs.com"
            },
            {
              "url": "https://github.com/hackerwahab/CS-Cart-Vulns/blob/main/CVE-2025-50847.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-50847",
        "datePublished": "2025-07-31T00:00:00.000Z",
        "dateReserved": "2025-06-16T00:00:00.000Z",
        "dateUpdated": "2025-07-31T19:51:08.514Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-50850 (GCVE-0-2025-50850)

    Vulnerability from cvelistv5 – Published: 2025-07-31 00:00 – Updated: 2025-07-31 19:57
    VLAI
    Summary
    An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and passwords (brute-force attack) to gain unauthorized access to vendor accounts. The absence of any blocking mechanism makes the login endpoint susceptible to automated attacks.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.6,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-50850",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-31T19:51:44.917545Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-804",
                    "description": "CWE-804 Guessable CAPTCHA",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-31T19:57:19.017Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and passwords (brute-force attack) to gain unauthorized access to vendor accounts. The absence of any blocking mechanism makes the login endpoint susceptible to automated attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-31T15:39:52.563Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "http://cs.com"
            },
            {
              "url": "https://github.com/hackerwahab/CS-Cart-Vulns/blob/main/CVE-2025-50850.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-50850",
        "datePublished": "2025-07-31T00:00:00.000Z",
        "dateReserved": "2025-06-16T00:00:00.000Z",
        "dateUpdated": "2025-07-31T19:57:19.017Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-50848 (GCVE-0-2025-50848)

    Vulnerability from cvelistv5 – Published: 2025-07-31 00:00 – Updated: 2025-07-31 19:58
    VLAI
    Summary
    A file upload vulnerability was discovered in CS Cart 4.18.3, allows attackers to execute arbitrary code. CS Cart 4.18.3 allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This allows an attacker to upload a crafted HTML file containing malicious content, such as a fake login form for credential harvesting or scripts for Cross-Site Scripting (XSS) attacks. Since the content is served from a trusted domain, it significantly increases the likelihood of successful phishing or script execution against other users.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-50848",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-31T19:57:54.209444Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-31T19:58:25.756Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A file upload vulnerability was discovered in CS Cart 4.18.3, allows attackers to execute arbitrary code. CS Cart 4.18.3 allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This allows an attacker to upload a crafted HTML file containing malicious content, such as a fake login form for credential harvesting or scripts for Cross-Site Scripting (XSS) attacks. Since the content is served from a trusted domain, it significantly increases the likelihood of successful phishing or script execution against other users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-31T15:57:36.275Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "http://cs.com"
            },
            {
              "url": "https://github.com/hackerwahab/CS-Cart-Vulns/blob/main/CVE-2025-50848.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-50848",
        "datePublished": "2025-07-31T00:00:00.000Z",
        "dateReserved": "2025-06-16T00:00:00.000Z",
        "dateUpdated": "2025-07-31T19:58:25.756Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-32202 (GCVE-0-2021-32202)

    Vulnerability from cvelistv5 – Published: 2021-09-14 11:37 – Updated: 2024-08-03 23:17
    VLAI
    Summary
    In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" filed in the blog post creation page.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:17:29.209Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/l00neyhacker/CVE-2021-32202"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the \"post description\" filed in the blog post creation page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-14T11:37:58.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/l00neyhacker/CVE-2021-32202"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-32202",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the \"post description\" filed in the blog post creation page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/l00neyhacker/CVE-2021-32202",
                  "refsource": "MISC",
                  "url": "https://github.com/l00neyhacker/CVE-2021-32202"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-32202",
        "datePublished": "2021-09-14T11:37:58.000Z",
        "dateReserved": "2021-05-07T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:17:29.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-15673 (GCVE-0-2017-15673)

    Vulnerability from cvelistv5 – Published: 2017-11-28 15:00 – Updated: 2024-08-05 19:57
    VLAI
    Summary
    The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2017-11-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:57:27.597Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/145096/CSC-Cart-4.6.2-Shell-Upload.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-11-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-28T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/145096/CSC-Cart-4.6.2-Shell-Upload.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-15673",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://packetstormsecurity.com/files/145096/CSC-Cart-4.6.2-Shell-Upload.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/145096/CSC-Cart-4.6.2-Shell-Upload.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-15673",
        "datePublished": "2017-11-28T15:00:00.000Z",
        "dateReserved": "2017-10-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T19:57:27.597Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10886 (GCVE-0-2017-10886)

    Vulnerability from cvelistv5 – Published: 2017-11-17 14:00 – Updated: 2024-08-05 17:50
    VLAI
    Summary
    Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    URL Tags
    https://jvn.jp/en/jp/JVN29602086/index.html third-party-advisoryx_refsource_JVN
    http://tips.cs-cart.jp/fix-jvn-29602086.html x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Frogman Office Inc. CS-Cart Japanese Edition Affected: v4.3.10 and earlier (excluding v2 and v3)
    Create a notification for this product.
    Frogman Office Inc. CS-Cart Multivendor Japanese Edition Affected: v4.3.10 and earlier (excluding v2 and v3)
    Create a notification for this product.
    Date Public
    2017-11-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.728Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#29602086",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN29602086/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://tips.cs-cart.jp/fix-jvn-29602086.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CS-Cart Japanese Edition",
              "vendor": "Frogman Office Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v4.3.10 and earlier (excluding v2 and v3)"
                }
              ]
            },
            {
              "product": "CS-Cart Multivendor Japanese Edition",
              "vendor": "Frogman Office Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v4.3.10 and earlier (excluding v2 and v3)"
                }
              ]
            }
          ],
          "datePublic": "2017-11-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-17T13:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#29602086",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN29602086/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://tips.cs-cart.jp/fix-jvn-29602086.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-10886",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CS-Cart Japanese Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v4.3.10 and earlier (excluding v2 and v3)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CS-Cart Multivendor Japanese Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v4.3.10 and earlier (excluding v2 and v3)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Frogman Office Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#29602086",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN29602086/index.html"
                },
                {
                  "name": "http://tips.cs-cart.jp/fix-jvn-29602086.html",
                  "refsource": "CONFIRM",
                  "url": "http://tips.cs-cart.jp/fix-jvn-29602086.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-10886",
        "datePublished": "2017-11-17T14:00:00.000Z",
        "dateReserved": "2017-07-04T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:50:12.728Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2138 (GCVE-0-2017-2138)

    Vulnerability from cvelistv5 – Published: 2017-08-02 16:00 – Updated: 2024-08-05 13:39
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site request forgery
    Assigner
    References
    URL Tags
    https://jvn.jp/en/jp/JVN87770873/index.html third-party-advisoryx_refsource_JVN
    http://tips.cs-cart.jp/fix-csrf-20170406.html x_refsource_MISC
    Impacted products
    Vendor Product Version
    Frogman Office Inc. CS-Cart Japanese Edition Affected: v4.3.10 and earlier (excluding v2 and v3)
    Create a notification for this product.
    Frogman Office Inc. CS-Cart Multivendor Japanese Edition Affected: v4.3.10 and earlier (excluding v2 and v3)
    Create a notification for this product.
    Date Public
    2017-08-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:39:32.358Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#87770873",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN87770873/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://tips.cs-cart.jp/fix-csrf-20170406.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CS-Cart Japanese Edition",
              "vendor": "Frogman Office Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v4.3.10 and earlier (excluding v2 and v3)"
                }
              ]
            },
            {
              "product": "CS-Cart Multivendor Japanese Edition",
              "vendor": "Frogman Office Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v4.3.10 and earlier (excluding v2 and v3)"
                }
              ]
            }
          ],
          "datePublic": "2017-08-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site request forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-02T15:57:02.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#87770873",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN87770873/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://tips.cs-cart.jp/fix-csrf-20170406.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2138",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CS-Cart Japanese Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v4.3.10 and earlier (excluding v2 and v3)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CS-Cart Multivendor Japanese Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v4.3.10 and earlier (excluding v2 and v3)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Frogman Office Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site request forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#87770873",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN87770873/index.html"
                },
                {
                  "name": "http://tips.cs-cart.jp/fix-csrf-20170406.html",
                  "refsource": "MISC",
                  "url": "http://tips.cs-cart.jp/fix-csrf-20170406.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2138",
        "datePublished": "2017-08-02T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:39:32.358Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4862 (GCVE-0-2016-4862)

    Vulnerability from cvelistv5 – Published: 2017-04-20 18:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/92992 vdb-entryx_refsource_BID
    http://tips.cs-cart.jp/fix-twigmo-vulnerability-2… x_refsource_CONFIRM
    http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-0… third-party-advisoryx_refsource_JVNDB
    http://jvn.jp/en/jp/JVN55389065/index.html third-party-advisoryx_refsource_JVN
    Date Public
    2016-09-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:38.544Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "92992",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/92992"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://tips.cs-cart.jp/fix-twigmo-vulnerability-20160914.html"
              },
              {
                "name": "JVNDB-2016-000157",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000157.html"
              },
              {
                "name": "JVN#55389065",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN55389065/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-09-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-04-20T17:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "92992",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/92992"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://tips.cs-cart.jp/fix-twigmo-vulnerability-20160914.html"
            },
            {
              "name": "JVNDB-2016-000157",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000157.html"
            },
            {
              "name": "JVN#55389065",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN55389065/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-4862",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "92992",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/92992"
                },
                {
                  "name": "http://tips.cs-cart.jp/fix-twigmo-vulnerability-20160914.html",
                  "refsource": "CONFIRM",
                  "url": "http://tips.cs-cart.jp/fix-twigmo-vulnerability-20160914.html"
                },
                {
                  "name": "JVNDB-2016-000157",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000157.html"
                },
                {
                  "name": "JVN#55389065",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN55389065/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-4862",
        "datePublished": "2017-04-20T18:00:00.000Z",
        "dateReserved": "2016-05-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:38.544Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2701 (GCVE-0-2015-2701)

    Vulnerability from cvelistv5 – Published: 2015-03-25 14:00 – Updated: 2024-08-06 05:24
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/show/osvdb/119632 vdb-entryx_refsource_OSVDB
    http://www.exploit-db.com/exploits/36358 exploitx_refsource_EXPLOIT-DB
    http://www.securityfocus.com/bid/72658 vdb-entryx_refsource_BID
    Date Public
    2015-03-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:24:37.988Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "119632",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/show/osvdb/119632"
              },
              {
                "name": "36358",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/36358"
              },
              {
                "name": "72658",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/72658"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-03-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-01T15:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "119632",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/show/osvdb/119632"
            },
            {
              "name": "36358",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/36358"
            },
            {
              "name": "72658",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/72658"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-2701",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "119632",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/show/osvdb/119632"
                },
                {
                  "name": "36358",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/36358"
                },
                {
                  "name": "72658",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/72658"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-2701",
        "datePublished": "2015-03-25T14:00:00.000Z",
        "dateReserved": "2015-03-25T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:24:37.988Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-7317 (GCVE-0-2013-7317)

    Vulnerability from cvelistv5 – Published: 2014-01-24 15:00 – Updated: 2024-09-17 02:32
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) settings_file or (2) data_file parameter to (a) ampie.swf, (b) amline.swf, or (c) amcolumn.swf.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/405942 third-party-advisoryx_refsource_CERT-VN
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:01:20.321Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#405942",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/405942"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) settings_file or (2) data_file parameter to (a) ampie.swf, (b) amline.swf, or (c) amcolumn.swf."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-01-24T15:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "VU#405942",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/405942"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-7317",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) settings_file or (2) data_file parameter to (a) ampie.swf, (b) amline.swf, or (c) amcolumn.swf."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#405942",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/405942"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-7317",
        "datePublished": "2014-01-24T15:00:00.000Z",
        "dateReserved": "2014-01-24T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:32:17.527Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-0118 (GCVE-0-2013-0118)

    Vulnerability from cvelistv5 – Published: 2013-02-24 11:00 – Updated: 2024-09-17 02:51
    VLAI
    Summary
    CS-Cart before 3.0.6, when PayPal Standard Payments is configured, allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/583564 third-party-advisoryx_refsource_CERT-VN
    http://www.kb.cert.org/vuls/id/BLUU-949PQL x_refsource_CONFIRM
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T14:18:08.662Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#583564",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/583564"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/BLUU-949PQL"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CS-Cart before 3.0.6, when PayPal Standard Payments is configured, allows remote attackers to set the payment recipient via a modified value of the merchant\u0027s e-mail address, as demonstrated by setting the recipient to one\u0027s self."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-02-24T11:00:00.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#583564",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/583564"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kb.cert.org/vuls/id/BLUU-949PQL"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2013-0118",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CS-Cart before 3.0.6, when PayPal Standard Payments is configured, allows remote attackers to set the payment recipient via a modified value of the merchant\u0027s e-mail address, as demonstrated by setting the recipient to one\u0027s self."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#583564",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/583564"
                },
                {
                  "name": "http://www.kb.cert.org/vuls/id/BLUU-949PQL",
                  "refsource": "CONFIRM",
                  "url": "http://www.kb.cert.org/vuls/id/BLUU-949PQL"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2013-0118",
        "datePublished": "2013-02-24T11:00:00.000Z",
        "dateReserved": "2012-12-06T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:51:28.439Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-4891 (GCVE-0-2009-4891)

    Vulnerability from cvelistv5 – Published: 2010-06-11 14:00 – Updated: 2024-08-07 07:17
    VLAI
    Summary
    SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a products.view action.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.exploit-db.com/exploits/8184 exploitx_refsource_EXPLOIT-DB
    http://www.securityfocus.com/bid/34048 vdb-entryx_refsource_BID
    Date Public
    2009-03-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:17:26.073Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cscart-productid-sql-injection(49154)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49154"
              },
              {
                "name": "8184",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/8184"
              },
              {
                "name": "34048",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34048"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-03-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a products.view action."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "cscart-productid-sql-injection(49154)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49154"
            },
            {
              "name": "8184",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/8184"
            },
            {
              "name": "34048",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34048"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-4891",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a products.view action."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "cscart-productid-sql-injection(49154)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49154"
                },
                {
                  "name": "8184",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/8184"
                },
                {
                  "name": "34048",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34048"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-4891",
        "datePublished": "2010-06-11T14:00:00.000Z",
        "dateReserved": "2010-06-11T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:17:26.073Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-2579 (GCVE-0-2009-2579)

    Vulnerability from cvelistv5 – Published: 2009-08-05 19:00 – Updated: 2024-08-07 05:59
    VLAI
    Summary
    SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/35936 vdb-entryx_refsource_BID
    http://secunia.com/advisories/36112 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/505492/100… mailing-listx_refsource_BUGTRAQ
    http://www.bonsai-sec.com/research/vulnerabilitie… x_refsource_MISC
    http://www.cs-cart.com/changelog206.html x_refsource_CONFIRM
    Date Public
    2009-08-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:59:55.625Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "35936",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/35936"
              },
              {
                "name": "36112",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36112"
              },
              {
                "name": "20090804 [BONSAI] SQL Injection in CS-Cart",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/505492/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.bonsai-sec.com/research/vulnerabilities/cs-cart_SQL-injection-0100.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.cs-cart.com/changelog206.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-08-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "35936",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/35936"
            },
            {
              "name": "36112",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36112"
            },
            {
              "name": "20090804 [BONSAI] SQL Injection in CS-Cart",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/505492/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.bonsai-sec.com/research/vulnerabilities/cs-cart_SQL-injection-0100.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.cs-cart.com/changelog206.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-2579",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "35936",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/35936"
                },
                {
                  "name": "36112",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36112"
                },
                {
                  "name": "20090804 [BONSAI] SQL Injection in CS-Cart",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/505492/100/0/threaded"
                },
                {
                  "name": "http://www.bonsai-sec.com/research/vulnerabilities/cs-cart_SQL-injection-0100.txt",
                  "refsource": "MISC",
                  "url": "http://www.bonsai-sec.com/research/vulnerabilities/cs-cart_SQL-injection-0100.txt"
                },
                {
                  "name": "http://www.cs-cart.com/changelog206.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.cs-cart.com/changelog206.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-2579",
        "datePublished": "2009-08-05T19:00:00.000Z",
        "dateReserved": "2009-07-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:59:55.625Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-6394 (GCVE-0-2008-6394)

    Vulnerability from cvelistv5 – Published: 2009-03-04 17:00 – Updated: 2024-08-07 11:27
    VLAI
    Summary
    SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the cs_cookies[customer_user_id] cookie parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.exploit-db.com/exploits/6352 exploitx_refsource_EXPLOIT-DB
    http://secunia.com/advisories/31686 third-party-advisoryx_refsource_SECUNIA
    http://www.gulftech.org/?node=research&article_id… x_refsource_MISC
    http://www.securityfocus.com/archive/1/495907/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/30979 vdb-entryx_refsource_BID
    Date Public
    2008-09-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:27:35.827Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "6352",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/6352"
              },
              {
                "name": "31686",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31686"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.gulftech.org/?node=research\u0026article_id=00128-09022008"
              },
              {
                "name": "20080902 CS-Cart \u003c= 1.3.5 SQL Injection",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/495907/100/0/threaded"
              },
              {
                "name": "cscart-user-sql-injection(44852)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44852"
              },
              {
                "name": "30979",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30979"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the cs_cookies[customer_user_id] cookie parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "6352",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/6352"
            },
            {
              "name": "31686",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31686"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.gulftech.org/?node=research\u0026article_id=00128-09022008"
            },
            {
              "name": "20080902 CS-Cart \u003c= 1.3.5 SQL Injection",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/495907/100/0/threaded"
            },
            {
              "name": "cscart-user-sql-injection(44852)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44852"
            },
            {
              "name": "30979",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30979"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-6394",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the cs_cookies[customer_user_id] cookie parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "6352",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/6352"
                },
                {
                  "name": "31686",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31686"
                },
                {
                  "name": "http://www.gulftech.org/?node=research\u0026article_id=00128-09022008",
                  "refsource": "MISC",
                  "url": "http://www.gulftech.org/?node=research\u0026article_id=00128-09022008"
                },
                {
                  "name": "20080902 CS-Cart \u003c= 1.3.5 SQL Injection",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/495907/100/0/threaded"
                },
                {
                  "name": "cscart-user-sql-injection(44852)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44852"
                },
                {
                  "name": "30979",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30979"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-6394",
        "datePublished": "2009-03-04T17:00:00.000Z",
        "dateReserved": "2009-03-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T11:27:35.827Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1458 (GCVE-0-2008-1458)

    Vulnerability from cvelistv5 – Published: 2008-03-24 18:00 – Updated: 2024-08-07 08:24
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a products search action. NOTE: it was also reported that 1.3.5-SP2 trial edition is also affected.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/29468 third-party-advisoryx_refsource_SECUNIA
    http://securityreason.com/securityalert/3762 third-party-advisoryx_refsource_SREASON
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/28333 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/489857/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2008-03-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:24:41.709Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "29468",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29468"
              },
              {
                "name": "3762",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3762"
              },
              {
                "name": "cscart-index-xss(41306)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41306"
              },
              {
                "name": "28333",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28333"
              },
              {
                "name": "20080319 CS-Cart XSS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/489857/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a products search action.  NOTE: it was also reported that 1.3.5-SP2 trial edition is also affected."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "29468",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29468"
            },
            {
              "name": "3762",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3762"
            },
            {
              "name": "cscart-index-xss(41306)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41306"
            },
            {
              "name": "28333",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28333"
            },
            {
              "name": "20080319 CS-Cart XSS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/489857/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1458",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a products search action.  NOTE: it was also reported that 1.3.5-SP2 trial edition is also affected."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "29468",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29468"
                },
                {
                  "name": "3762",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3762"
                },
                {
                  "name": "cscart-index-xss(41306)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41306"
                },
                {
                  "name": "28333",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28333"
                },
                {
                  "name": "20080319 CS-Cart XSS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/489857/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1458",
        "datePublished": "2008-03-24T18:00:00.000Z",
        "dateReserved": "2008-03-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:24:41.709Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }