10 vulnerabilities by s-cart
CVE-2022-21149 (GCVE-0-2022-21149)
Vulnerability from nvd – Published: 2022-05-01 15:30 – Updated: 2024-09-16 18:08
Title
Cross-site Scripting (XSS)
Summary
The packages s-cart/s-cart before 6.9 and s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS), which can lead to theft of the cookies of any victim who visits the affected URL, allowing the attacker to gain unauthorized access to that user's account through the stolen cookie.
Severity
5.4 (Medium)
CWE
- Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-PHP-SCARTSCART-2389035 | x_refsource_MISC |
| https://snyk.io/vuln/SNYK-PHP-SCARTCORE-2389036 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| n/a | s-cart/s-cart | Affected: unspecified, < 6.9 (custom) |
| n/a | s-cart/core | Affected: unspecified, < 6.9 (custom) |
Date Public
2022-05-01 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTSCART-2389035"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-2389036"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "s-cart/s-cart",
"vendor": "n/a",
"versions": [
{
"lessThan": "6.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "s-cart/core",
"vendor": "n/a",
"versions": [
{
"lessThan": "6.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Faisal Fs"
}
],
"datePublic": "2022-05-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user\u0027s account through the stolen cookie."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site Scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-01T15:30:50.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTSCART-2389035"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-2389036"
}
],
"title": "Cross-site Scripting (XSS)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2022-05-01T15:25:10.648352Z",
"ID": "CVE-2022-21149",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "s-cart/s-cart",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.9"
}
]
}
}
]
},
"vendor_name": "n/a"
},
{
"product": {
"product_data": [
{
"product_name": "s-cart/core",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Faisal Fs"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user\u0027s account through the stolen cookie."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-PHP-SCARTSCART-2389035",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTSCART-2389035"
},
{
"name": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-2389036",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-2389036"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2022-21149",
"datePublished": "2022-05-01T15:30:50.231Z",
"dateReserved": "2022-02-24T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:08:49.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44111 (GCVE-0-2021-44111)
Vulnerability from nvd – Published: 2022-02-11 17:21 – Updated: 2024-08-04 04:10
Summary
A Directory Traversal vulnerability exists in S-Cart 6.7 via download in sc-admin/backup.
Severity
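No CVSS data available. The record's structured product and version fields are also "n/a", so the affected version (S-Cart 6.7) is stated only in the summary text and may not be matched by tooling that keys on those fields.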
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/s-cart/s-cart/issues/102 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/s-cart/s-cart/issues/102"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Directory Traversal vulnerability exists in S-Cart 6.7 via download in sc-admin/backup."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-11T17:21:46.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/s-cart/s-cart/issues/102"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-44111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Directory Traversal vulnerability exists in S-Cart 6.7 via download in sc-admin/backup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/s-cart/s-cart/issues/102",
"refsource": "MISC",
"url": "https://github.com/s-cart/s-cart/issues/102"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-44111",
"datePublished": "2022-02-11T17:21:46.000Z",
"dateReserved": "2021-11-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:10:17.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38847 (GCVE-0-2021-38847)
Vulnerability from nvd – Published: 2021-11-01 14:32 – Updated: 2024-08-04 01:51
Summary
S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted IMG file.
Severity
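No CVSS data available. The record's structured product and version fields are also "n/a", so the affected versions (S-Cart v6.4.1 and below) are stated only in the summary text and may not be matched by tooling that keys on those fields.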
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/bousalman/S-Cart-Arbitrary-Fil… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:51:20.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bousalman/S-Cart-Arbitrary-File-Upload"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted IMG file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-01T14:32:48.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bousalman/S-Cart-Arbitrary-File-Upload"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted IMG file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bousalman/S-Cart-Arbitrary-File-Upload",
"refsource": "MISC",
"url": "https://github.com/bousalman/S-Cart-Arbitrary-File-Upload"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38847",
"datePublished": "2021-11-01T14:32:48.000Z",
"dateReserved": "2021-08-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:51:20.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28457 (GCVE-0-2020-28457)
Vulnerability from nvd – Published: 2020-12-15 15:35 – Updated: 2024-09-16 20:22
Title
Cross-site Scripting (XSS)
Summary
This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.php (index) is vulnerable to XSS.
Severity
7.2 (High) — CVSS 3.1 base score from the record's cvssV3_1 metrics; temporal score 6.8 (Medium)
CWE
- Cross-site Scripting (XSS)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047342 | x_refsource_MISC |
| https://github.com/s-cart/s-cart/issues/51 | x_refsource_MISC |
| https://github.com/s-cart/s-cart/releases/tag/v4.4 | x_refsource_MISC |
| https://github.com/s-cart/s-cart/commit/4406d407ad363ee7e4795ee290c9d2430b0413f8 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| n/a | s-cart/core | Affected: unspecified, < 4.4 (custom) |
Date Public
2020-12-15 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:59.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047342"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/s-cart/s-cart/issues/51"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/s-cart/s-cart/releases/tag/v4.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/s-cart/s-cart/commit/4406d407ad363ee7e4795ee290c9d2430b0413f8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "s-cart/core",
"vendor": "n/a",
"versions": [
{
"lessThan": "4.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Abdul Muhaimin"
}
],
"datePublic": "2020-12-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "CHANGED",
"temporalScore": 6.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site Scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-15T15:35:14.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047342"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/s-cart/s-cart/issues/51"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/s-cart/s-cart/releases/tag/v4.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/s-cart/s-cart/commit/4406d407ad363ee7e4795ee290c9d2430b0413f8"
}
],
"title": "Cross-site Scripting (XSS)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2020-12-15T15:34:59.114509Z",
"ID": "CVE-2020-28457",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "s-cart/core",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Abdul Muhaimin"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:P",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047342",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047342"
},
{
"name": "https://github.com/s-cart/s-cart/issues/51",
"refsource": "MISC",
"url": "https://github.com/s-cart/s-cart/issues/51"
},
{
"name": "https://github.com/s-cart/s-cart/releases/tag/v4.4",
"refsource": "MISC",
"url": "https://github.com/s-cart/s-cart/releases/tag/v4.4"
},
{
"name": "https://github.com/s-cart/s-cart/commit/4406d407ad363ee7e4795ee290c9d2430b0413f8",
"refsource": "MISC",
"url": "https://github.com/s-cart/s-cart/commit/4406d407ad363ee7e4795ee290c9d2430b0413f8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-28457",
"datePublished": "2020-12-15T15:35:14.870Z",
"dateReserved": "2020-11-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:22:37.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28456 (GCVE-0-2020-28456)
Vulnerability from nvd – Published: 2020-12-15 15:35 – Updated: 2024-09-16 17:33
Title
Cross-site Scripting (XSS)
Summary
The package s-cart/core before 4.4 is vulnerable to Cross-site Scripting (XSS) via the admin panel.
Severity
7.3 (High)
CWE
- Cross-site Scripting (XSS)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/s-cart/s-cart/releases/tag/v4.4 | x_refsource_MISC |
| https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047609 | x_refsource_MISC |
| https://github.com/s-cart/s-cart/issues/52 | x_refsource_MISC |
| https://github.com/s-cart/core/commit/f4b2811293063a3a2bb497b2512d8a18bd202219 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| n/a | s-cart/core | Affected: unspecified, < 4.4 (custom) |
Date Public
2020-12-15 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:58.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/s-cart/s-cart/releases/tag/v4.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047609"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/s-cart/s-cart/issues/52"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/s-cart/core/commit/f4b2811293063a3a2bb497b2512d8a18bd202219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "s-cart/core",
"vendor": "n/a",
"versions": [
{
"lessThan": "4.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Abdul Muhaimin"
}
],
"datePublic": "2020-12-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The package s-cart/core before 4.4 are vulnerable to Cross-site Scripting (XSS) via the admin panel."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site Scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-15T15:35:21.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/s-cart/s-cart/releases/tag/v4.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047609"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/s-cart/s-cart/issues/52"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/s-cart/core/commit/f4b2811293063a3a2bb497b2512d8a18bd202219"
}
],
"title": "Cross-site Scripting (XSS)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2020-12-15T15:34:49.186584Z",
"ID": "CVE-2020-28456",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "s-cart/core",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Abdul Muhaimin"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The package s-cart/core before 4.4 are vulnerable to Cross-site Scripting (XSS) via the admin panel."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/s-cart/s-cart/releases/tag/v4.4",
"refsource": "MISC",
"url": "https://github.com/s-cart/s-cart/releases/tag/v4.4"
},
{
"name": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047609",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047609"
},
{
"name": "https://github.com/s-cart/s-cart/issues/52",
"refsource": "MISC",
"url": "https://github.com/s-cart/s-cart/issues/52"
},
{
"name": "https://github.com/s-cart/core/commit/f4b2811293063a3a2bb497b2512d8a18bd202219",
"refsource": "MISC",
"url": "https://github.com/s-cart/core/commit/f4b2811293063a3a2bb497b2512d8a18bd202219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-28456",
"datePublished": "2020-12-15T15:35:21.935Z",
"dateReserved": "2020-11-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:33:09.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21149 (GCVE-0-2022-21149)
Vulnerability from cvelistv5 – Published: 2022-05-01 15:30 – Updated: 2024-09-16 18:08
Title
Cross-site Scripting (XSS)
Summary
The packages s-cart/s-cart before 6.9 and s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS), which can lead to theft of the cookies of any victim who visits the affected URL, allowing the attacker to gain unauthorized access to that user's account through the stolen cookie.
Severity
5.4 (Medium)
CWE
- Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-PHP-SCARTSCART-2389035 | x_refsource_MISC |
| https://snyk.io/vuln/SNYK-PHP-SCARTCORE-2389036 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| n/a | s-cart/s-cart | Affected: unspecified, < 6.9 (custom) |
| n/a | s-cart/core | Affected: unspecified, < 6.9 (custom) |
Date Public
2022-05-01 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTSCART-2389035"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-2389036"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "s-cart/s-cart",
"vendor": "n/a",
"versions": [
{
"lessThan": "6.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "s-cart/core",
"vendor": "n/a",
"versions": [
{
"lessThan": "6.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Faisal Fs"
}
],
"datePublic": "2022-05-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user\u0027s account through the stolen cookie."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site Scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-01T15:30:50.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTSCART-2389035"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-2389036"
}
],
"title": "Cross-site Scripting (XSS)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2022-05-01T15:25:10.648352Z",
"ID": "CVE-2022-21149",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "s-cart/s-cart",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.9"
}
]
}
}
]
},
"vendor_name": "n/a"
},
{
"product": {
"product_data": [
{
"product_name": "s-cart/core",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Faisal Fs"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user\u0027s account through the stolen cookie."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-PHP-SCARTSCART-2389035",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTSCART-2389035"
},
{
"name": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-2389036",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-2389036"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2022-21149",
"datePublished": "2022-05-01T15:30:50.231Z",
"dateReserved": "2022-02-24T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:08:49.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44111 (GCVE-0-2021-44111)
Vulnerability from cvelistv5 – Published: 2022-02-11 17:21 – Updated: 2024-08-04 04:10
Summary
A Directory Traversal vulnerability exists in S-Cart 6.7 via download in sc-admin/backup.
Severity
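No CVSS data available. The record's structured product and version fields are also "n/a", so the affected version (S-Cart 6.7) is stated only in the summary text and may not be matched by tooling that keys on those fields.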
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/s-cart/s-cart/issues/102 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/s-cart/s-cart/issues/102"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Directory Traversal vulnerability exists in S-Cart 6.7 via download in sc-admin/backup."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-11T17:21:46.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/s-cart/s-cart/issues/102"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-44111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Directory Traversal vulnerability exists in S-Cart 6.7 via download in sc-admin/backup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/s-cart/s-cart/issues/102",
"refsource": "MISC",
"url": "https://github.com/s-cart/s-cart/issues/102"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-44111",
"datePublished": "2022-02-11T17:21:46.000Z",
"dateReserved": "2021-11-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:10:17.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38847 (GCVE-0-2021-38847)
Vulnerability from cvelistv5 – Published: 2021-11-01 14:32 – Updated: 2024-08-04 01:51
Summary
S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted IMG file.
Severity
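No CVSS data available. The record's structured product and version fields are also "n/a", so the affected versions (S-Cart v6.4.1 and below) are stated only in the summary text and may not be matched by tooling that keys on those fields.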
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/bousalman/S-Cart-Arbitrary-Fil… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:51:20.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bousalman/S-Cart-Arbitrary-File-Upload"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted IMG file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-01T14:32:48.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bousalman/S-Cart-Arbitrary-File-Upload"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted IMG file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bousalman/S-Cart-Arbitrary-File-Upload",
"refsource": "MISC",
"url": "https://github.com/bousalman/S-Cart-Arbitrary-File-Upload"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38847",
"datePublished": "2021-11-01T14:32:48.000Z",
"dateReserved": "2021-08-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:51:20.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28456 (GCVE-0-2020-28456)
Vulnerability from cvelistv5 – Published: 2020-12-15 15:35 – Updated: 2024-09-16 17:33
Title
Cross-site Scripting (XSS)
Summary
The package s-cart/core before 4.4 is vulnerable to Cross-site Scripting (XSS) via the admin panel.
Severity
7.3 (High)
CWE
- Cross-site Scripting (XSS)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/s-cart/s-cart/releases/tag/v4.4 | x_refsource_MISC |
| https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047609 | x_refsource_MISC |
| https://github.com/s-cart/s-cart/issues/52 | x_refsource_MISC |
| https://github.com/s-cart/core/commit/f4b2811293063a3a2bb497b2512d8a18bd202219 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | s-cart/core |
Affected:
unspecified , < 4.4
(custom)
|
Date Public
2020-12-15 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:58.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/s-cart/s-cart/releases/tag/v4.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047609"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/s-cart/s-cart/issues/52"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/s-cart/core/commit/f4b2811293063a3a2bb497b2512d8a18bd202219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "s-cart/core",
"vendor": "n/a",
"versions": [
{
"lessThan": "4.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Abdul Muhaimin"
}
],
"datePublic": "2020-12-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The package s-cart/core before 4.4 are vulnerable to Cross-site Scripting (XSS) via the admin panel."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site Scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-15T15:35:21.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/s-cart/s-cart/releases/tag/v4.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047609"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/s-cart/s-cart/issues/52"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/s-cart/core/commit/f4b2811293063a3a2bb497b2512d8a18bd202219"
}
],
"title": "Cross-site Scripting (XSS)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2020-12-15T15:34:49.186584Z",
"ID": "CVE-2020-28456",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "s-cart/core",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Abdul Muhaimin"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The package s-cart/core before 4.4 are vulnerable to Cross-site Scripting (XSS) via the admin panel."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/s-cart/s-cart/releases/tag/v4.4",
"refsource": "MISC",
"url": "https://github.com/s-cart/s-cart/releases/tag/v4.4"
},
{
"name": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047609",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047609"
},
{
"name": "https://github.com/s-cart/s-cart/issues/52",
"refsource": "MISC",
"url": "https://github.com/s-cart/s-cart/issues/52"
},
{
"name": "https://github.com/s-cart/core/commit/f4b2811293063a3a2bb497b2512d8a18bd202219",
"refsource": "MISC",
"url": "https://github.com/s-cart/core/commit/f4b2811293063a3a2bb497b2512d8a18bd202219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-28456",
"datePublished": "2020-12-15T15:35:21.935Z",
"dateReserved": "2020-11-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:33:09.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28457 (GCVE-0-2020-28457)
Vulnerability from cvelistv5 – Published: 2020-12-15 15:35 – Updated: 2024-09-16 20:22
Title
Cross-site Scripting (XSS)
Summary
This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.php (index) is vulnerable to XSS.
Severity
7.2 (High)
CWE
- Cross-site Scripting (XSS)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047342 | x_refsource_MISC |
| https://github.com/s-cart/s-cart/issues/51 | x_refsource_MISC |
| https://github.com/s-cart/s-cart/releases/tag/v4.4 | x_refsource_MISC |
| https://github.com/s-cart/s-cart/commit/4406d407ad363ee7e4795ee290c9d2430b0413f8 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | s-cart/core |
Affected:
unspecified , < 4.4
(custom)
|
Date Public
2020-12-15 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:59.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047342"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/s-cart/s-cart/issues/51"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/s-cart/s-cart/releases/tag/v4.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/s-cart/s-cart/commit/4406d407ad363ee7e4795ee290c9d2430b0413f8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "s-cart/core",
"vendor": "n/a",
"versions": [
{
"lessThan": "4.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Abdul Muhaimin"
}
],
"datePublic": "2020-12-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "CHANGED",
"temporalScore": 6.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site Scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-15T15:35:14.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047342"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/s-cart/s-cart/issues/51"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/s-cart/s-cart/releases/tag/v4.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/s-cart/s-cart/commit/4406d407ad363ee7e4795ee290c9d2430b0413f8"
}
],
"title": "Cross-site Scripting (XSS)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2020-12-15T15:34:59.114509Z",
"ID": "CVE-2020-28457",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "s-cart/core",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Abdul Muhaimin"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:P",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047342",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047342"
},
{
"name": "https://github.com/s-cart/s-cart/issues/51",
"refsource": "MISC",
"url": "https://github.com/s-cart/s-cart/issues/51"
},
{
"name": "https://github.com/s-cart/s-cart/releases/tag/v4.4",
"refsource": "MISC",
"url": "https://github.com/s-cart/s-cart/releases/tag/v4.4"
},
{
"name": "https://github.com/s-cart/s-cart/commit/4406d407ad363ee7e4795ee290c9d2430b0413f8",
"refsource": "MISC",
"url": "https://github.com/s-cart/s-cart/commit/4406d407ad363ee7e4795ee290c9d2430b0413f8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-28457",
"datePublished": "2020-12-15T15:35:14.870Z",
"dateReserved": "2020-11-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:22:37.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}