Lucene search
K

263 matches found

Cvelist
Cvelist
added 2025/07/31 12:0 a.m.11 views

CVE-2025-50847

Cross Site Request Forgery CSRF vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list via a crafted HTTP request...

0.00135EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/31 12:0 a.m.5 views

PT-2025-31558 · Cs Cart · Cs-Cart

Name of the Vulnerable Software and Affected Versions: CS Cart version 4.18.3 Description: A file upload vulnerability exists that allows attackers to execute arbitrary code. The software allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This...

6.1CVSS6AI score0.0022EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/07/31 12:0 a.m.11 views

CVE-2025-50850

An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and passwords brute-force attack to gain unauthoriz...

0.0023EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/31 12:0 a.m.5 views

CS Cart 安全漏洞

CS Cart is an e-commerce system from the US-based company CS Cart. A security vulnerability exists in CS Cart version 4.18.3, which stems from a lack of security controls and could lead to a brute force attack...

8.6CVSS6.6AI score0.0023EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/31 12:0 a.m.13 views

CVE-2025-50849

CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference IDOR. The user profile functionality allows enabling or disabling stickers through a parameter companyid sent in the request. However, this operation is not properly validated on the server side. An authenticated user can manipulate...

0.00251EPSS
Exploits0References1
CVE
CVE
added 2025/07/31 12:0 a.m.21 views

CVE-2025-50850

CS Cart 4.18.3 contains a login vulnerability where the vendor login endpoint lacks CAPTCHA verification and rate limiting, enabling brute-force attempts to gain unauthorized vendor access. The confirmed details indicate the issue stems from missing security controls on the login functionality, w...

8.6CVSS7.4AI score0.0023EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/07/31 12:0 a.m.5 views

CS Cart 安全漏洞

CS Cart is an e-commerce system from CS Cart Inc. in the United States. A security vulnerability exists in CS Cart version 4.18.3, which stems from an insecure direct object reference that could lead to unauthorized manipulation of other user accounts...

8CVSS6.6AI score0.00251EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/07/31 12:0 a.m.5 views

PT-2025-31554 · Cs Cart · Cs-Cart

Name of the Vulnerable Software and Affected Versions: CS Cart version 4.18.3 Description: The vendor login functionality lacks essential security controls, such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and...

8.6CVSS6.8AI score0.0023EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/07/31 12:0 a.m.4 views

CVE-2025-50847

Cross Site Request Forgery CSRF vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list via a crafted HTTP request...

6.4AI score0.00135EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/07/31 12:0 a.m.3 views

CVE-2025-50848

A file upload vulnerability was discovered in CS Cart 4.18.3, allows attackers to execute arbitrary code. CS Cart 4.18.3 allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This allows an attacker to upload a crafted HTML file containing malicious...

6.1CVSS6.3AI score0.0022EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 5:39 a.m.5 views

CVE-2023-26691

Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via crafted zip file when installing a new add-on...

7.2CVSS7.5AI score0.01245EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:39 a.m.5 views

CVE-2023-26686

File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop...

9.8CVSS7.7AI score0.00711EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:38 a.m.5 views

CVE-2023-26688

Cross Site Scripting XSS vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the productdata parameter of add/edit product in the administration interface...

5.4CVSS6.5AI score0.00423EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:34 a.m.5 views

CVE-2023-26689

An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request...

9.8CVSS7AI score0.0062EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:29 a.m.17 views

CVE-2023-26690

File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu...

8.8CVSS7.6AI score0.00684EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:29 a.m.14 views

CVE-2023-26687

Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the productdata parameter in the PDF Add-on...

8.8CVSS6.5AI score0.0128EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:44 p.m.6 views

CVE-2021-32202

In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" filed in the blog post creation page...

6.1CVSS6AI score0.00649EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:53 p.m.4 views

CVE-2020-9009

The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database via action=shipnotify because access to this endpoint is completely unchecked. The attacker must guess an order number...

3.7CVSS6.9AI score0.00633EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:43 p.m.8 views

CVE-2020-8889

The ShipStation.com plugin 1.0 for CS-Cart allows remote attackers to obtain sensitive information via action=export because a typo results in a successful comparison of a blank password and NULL...

7.5CVSS6.8AI score0.01004EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:6 a.m.8 views

CVE-2013-7317

Multiple cross-site scripting XSS vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the 1 settingsfile or 2 datafile parameter to a ampie.swf, b amline.swf, or c amcolumn.swf...

4.3CVSS6AI score0.01012EPSS
Exploits0References1
Rows per page
Query Builder