263 matches found
CVE-2025-50847
Cross Site Request Forgery CSRF vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list via a crafted HTTP request...
PT-2025-31558 · Cs Cart · Cs-Cart
Name of the Vulnerable Software and Affected Versions: CS Cart version 4.18.3 Description: A file upload vulnerability exists that allows attackers to execute arbitrary code. The software allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This...
CVE-2025-50850
An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and passwords brute-force attack to gain unauthoriz...
CS Cart 安全漏洞
CS Cart is an e-commerce system from the US-based company CS Cart. A security vulnerability exists in CS Cart version 4.18.3, which stems from a lack of security controls and could lead to a brute force attack...
CVE-2025-50849
CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference IDOR. The user profile functionality allows enabling or disabling stickers through a parameter companyid sent in the request. However, this operation is not properly validated on the server side. An authenticated user can manipulate...
CVE-2025-50850
CS Cart 4.18.3 contains a login vulnerability where the vendor login endpoint lacks CAPTCHA verification and rate limiting, enabling brute-force attempts to gain unauthorized vendor access. The confirmed details indicate the issue stems from missing security controls on the login functionality, w...
CS Cart 安全漏洞
CS Cart is an e-commerce system from CS Cart Inc. in the United States. A security vulnerability exists in CS Cart version 4.18.3, which stems from an insecure direct object reference that could lead to unauthorized manipulation of other user accounts...
PT-2025-31554 · Cs Cart · Cs-Cart
Name of the Vulnerable Software and Affected Versions: CS Cart version 4.18.3 Description: The vendor login functionality lacks essential security controls, such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and...
CVE-2025-50847
Cross Site Request Forgery CSRF vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list via a crafted HTTP request...
CVE-2025-50848
A file upload vulnerability was discovered in CS Cart 4.18.3, allows attackers to execute arbitrary code. CS Cart 4.18.3 allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This allows an attacker to upload a crafted HTML file containing malicious...
CVE-2023-26691
Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via crafted zip file when installing a new add-on...
CVE-2023-26686
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop...
CVE-2023-26688
Cross Site Scripting XSS vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the productdata parameter of add/edit product in the administration interface...
CVE-2023-26689
An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request...
CVE-2023-26690
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu...
CVE-2023-26687
Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the productdata parameter in the PDF Add-on...
CVE-2021-32202
In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" filed in the blog post creation page...
CVE-2020-9009
The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database via action=shipnotify because access to this endpoint is completely unchecked. The attacker must guess an order number...
CVE-2020-8889
The ShipStation.com plugin 1.0 for CS-Cart allows remote attackers to obtain sensitive information via action=export because a typo results in a successful comparison of a blank password and NULL...
CVE-2013-7317
Multiple cross-site scripting XSS vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the 1 settingsfile or 2 datafile parameter to a ampie.swf, b amline.swf, or c amcolumn.swf...