Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified...
6.1CVSS
6AI Score
0.001EPSS
5.3CVSS
7.3AI Score
0.001EPSS
8CVSS
7.7AI Score
0.001EPSS
admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods&doc=vqmods...
8.8CVSS
8.6AI Score
0.005EPSS
LiteCart before 2.1.2 allows remote attackers to cause a denial of service (memory consumption) via URIs that do not exist, because public_html/logs/not_found.log grows without bound, and is loaded into memory for each...
7.5CVSS
7.5AI Score
0.002EPSS
Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2)...
5.8AI Score
0.006EPSS