Search criteria
5 vulnerabilities by s-cart
CVE-2022-21149 (GCVE-0-2022-21149)
Vulnerability from cvelistv5 – Published: 2022-05-01 15:30 – Updated: 2024-09-16 18:08
VLAI?
Title
Cross-site Scripting (XSS)
Summary
The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user's account through the stolen cookie.
Severity ?
5.4 (Medium)
CWE
- Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-PHP-SCARTSCART-2389035 | x_refsource_MISC |
| https://snyk.io/vuln/SNYK-PHP-SCARTCORE-2389036 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | s-cart/s-cart |
Affected:
unspecified , < 6.9
(custom)
|
|
| n/a | s-cart/core |
Affected:
unspecified , < 6.9
(custom)
|
Date Public ?
2022-05-01 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTSCART-2389035"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-2389036"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "s-cart/s-cart",
"vendor": "n/a",
"versions": [
{
"lessThan": "6.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "s-cart/core",
"vendor": "n/a",
"versions": [
{
"lessThan": "6.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Faisal Fs"
}
],
"datePublic": "2022-05-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user\u0027s account through the stolen cookie."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site Scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-01T15:30:50.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTSCART-2389035"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-2389036"
}
],
"title": "Cross-site Scripting (XSS)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2022-05-01T15:25:10.648352Z",
"ID": "CVE-2022-21149",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "s-cart/s-cart",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.9"
}
]
}
}
]
},
"vendor_name": "n/a"
},
{
"product": {
"product_data": [
{
"product_name": "s-cart/core",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Faisal Fs"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user\u0027s account through the stolen cookie."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-PHP-SCARTSCART-2389035",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTSCART-2389035"
},
{
"name": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-2389036",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-2389036"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2022-21149",
"datePublished": "2022-05-01T15:30:50.231Z",
"dateReserved": "2022-02-24T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:08:49.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44111 (GCVE-0-2021-44111)
Vulnerability from cvelistv5 – Published: 2022-02-11 17:21 – Updated: 2024-08-04 04:10
VLAI?
Summary
A Directory Traversal vulnerability exists in S-Cart 6.7 via download in sc-admin/backup.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/s-cart/s-cart/issues/102 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/s-cart/s-cart/issues/102"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Directory Traversal vulnerability exists in S-Cart 6.7 via download in sc-admin/backup."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-11T17:21:46.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/s-cart/s-cart/issues/102"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-44111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Directory Traversal vulnerability exists in S-Cart 6.7 via download in sc-admin/backup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/s-cart/s-cart/issues/102",
"refsource": "MISC",
"url": "https://github.com/s-cart/s-cart/issues/102"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-44111",
"datePublished": "2022-02-11T17:21:46.000Z",
"dateReserved": "2021-11-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:10:17.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38847 (GCVE-0-2021-38847)
Vulnerability from cvelistv5 – Published: 2021-11-01 14:32 – Updated: 2024-08-04 01:51
VLAI?
Summary
S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted IMG file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/bousalman/S-Cart-Arbitrary-Fil… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:51:20.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bousalman/S-Cart-Arbitrary-File-Upload"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted IMG file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-01T14:32:48.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bousalman/S-Cart-Arbitrary-File-Upload"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted IMG file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bousalman/S-Cart-Arbitrary-File-Upload",
"refsource": "MISC",
"url": "https://github.com/bousalman/S-Cart-Arbitrary-File-Upload"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38847",
"datePublished": "2021-11-01T14:32:48.000Z",
"dateReserved": "2021-08-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:51:20.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28456 (GCVE-0-2020-28456)
Vulnerability from cvelistv5 – Published: 2020-12-15 15:35 – Updated: 2024-09-16 17:33
VLAI?
Title
Cross-site Scripting (XSS)
Summary
The package s-cart/core before 4.4 are vulnerable to Cross-site Scripting (XSS) via the admin panel.
Severity ?
7.3 (High)
CWE
- Cross-site Scripting (XSS)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/s-cart/s-cart/releases/tag/v4.4 | x_refsource_MISC |
| https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047609 | x_refsource_MISC |
| https://github.com/s-cart/s-cart/issues/52 | x_refsource_MISC |
| https://github.com/s-cart/core/commit/f4b28112930… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | s-cart/core |
Affected:
unspecified , < 4.4
(custom)
|
Date Public ?
2020-12-15 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:58.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/s-cart/s-cart/releases/tag/v4.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047609"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/s-cart/s-cart/issues/52"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/s-cart/core/commit/f4b2811293063a3a2bb497b2512d8a18bd202219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "s-cart/core",
"vendor": "n/a",
"versions": [
{
"lessThan": "4.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Abdul Muhaimin"
}
],
"datePublic": "2020-12-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The package s-cart/core before 4.4 are vulnerable to Cross-site Scripting (XSS) via the admin panel."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site Scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-15T15:35:21.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/s-cart/s-cart/releases/tag/v4.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047609"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/s-cart/s-cart/issues/52"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/s-cart/core/commit/f4b2811293063a3a2bb497b2512d8a18bd202219"
}
],
"title": "Cross-site Scripting (XSS)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2020-12-15T15:34:49.186584Z",
"ID": "CVE-2020-28456",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "s-cart/core",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Abdul Muhaimin"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The package s-cart/core before 4.4 are vulnerable to Cross-site Scripting (XSS) via the admin panel."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/s-cart/s-cart/releases/tag/v4.4",
"refsource": "MISC",
"url": "https://github.com/s-cart/s-cart/releases/tag/v4.4"
},
{
"name": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047609",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047609"
},
{
"name": "https://github.com/s-cart/s-cart/issues/52",
"refsource": "MISC",
"url": "https://github.com/s-cart/s-cart/issues/52"
},
{
"name": "https://github.com/s-cart/core/commit/f4b2811293063a3a2bb497b2512d8a18bd202219",
"refsource": "MISC",
"url": "https://github.com/s-cart/core/commit/f4b2811293063a3a2bb497b2512d8a18bd202219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-28456",
"datePublished": "2020-12-15T15:35:21.935Z",
"dateReserved": "2020-11-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:33:09.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28457 (GCVE-0-2020-28457)
Vulnerability from cvelistv5 – Published: 2020-12-15 15:35 – Updated: 2024-09-16 20:22
VLAI?
Title
Cross-site Scripting (XSS)
Summary
This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS.
Severity ?
CWE
- Cross-site Scripting (XSS)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047342 | x_refsource_MISC |
| https://github.com/s-cart/s-cart/issues/51 | x_refsource_MISC |
| https://github.com/s-cart/s-cart/releases/tag/v4.4 | x_refsource_MISC |
| https://github.com/s-cart/s-cart/commit/4406d407a… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | s-cart/core |
Affected:
unspecified , < 4.4
(custom)
|
Date Public ?
2020-12-15 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:59.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047342"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/s-cart/s-cart/issues/51"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/s-cart/s-cart/releases/tag/v4.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/s-cart/s-cart/commit/4406d407ad363ee7e4795ee290c9d2430b0413f8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "s-cart/core",
"vendor": "n/a",
"versions": [
{
"lessThan": "4.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Abdul Muhaimin"
}
],
"datePublic": "2020-12-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "CHANGED",
"temporalScore": 6.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site Scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-15T15:35:14.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047342"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/s-cart/s-cart/issues/51"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/s-cart/s-cart/releases/tag/v4.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/s-cart/s-cart/commit/4406d407ad363ee7e4795ee290c9d2430b0413f8"
}
],
"title": "Cross-site Scripting (XSS)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2020-12-15T15:34:59.114509Z",
"ID": "CVE-2020-28457",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "s-cart/core",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Abdul Muhaimin"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:P",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047342",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-PHP-SCARTCORE-1047342"
},
{
"name": "https://github.com/s-cart/s-cart/issues/51",
"refsource": "MISC",
"url": "https://github.com/s-cart/s-cart/issues/51"
},
{
"name": "https://github.com/s-cart/s-cart/releases/tag/v4.4",
"refsource": "MISC",
"url": "https://github.com/s-cart/s-cart/releases/tag/v4.4"
},
{
"name": "https://github.com/s-cart/s-cart/commit/4406d407ad363ee7e4795ee290c9d2430b0413f8",
"refsource": "MISC",
"url": "https://github.com/s-cart/s-cart/commit/4406d407ad363ee7e4795ee290c9d2430b0413f8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-28457",
"datePublished": "2020-12-15T15:35:14.870Z",
"dateReserved": "2020-11-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:22:37.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}