7 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
59.8%
CS-Cart before 3.0.6, when PayPal Standard Payments is configured, allows remote attackers to set the payment recipient via a modified value of the merchant’s e-mail address, as demonstrated by setting the recipient to one’s self.
www.kb.cert.org/vuls/id/583564
www.kb.cert.org/vuls/id/BLUU-949PQL