2 matches found
📄 CubeCart 6.x.x Cross Site Scripting
CubeCart versions prior to 6.7.0 suffer from a cross site scripting vulnerability. Exploit Title: CubeCart alert"Test!" 3- Press Enter. 4- Observe the alert box popping up on the screen, confirming the XSS execution. Alternative Direct Link:...
CVE-2026-44376 CubeCart: Reflected XSS in Store Search Bar
CubeCart is an ecommerce software solution. Prior to 6.7.0, an unauthenticated Reflected XSS vulnerability exists in the CubeCart v6.x search feature. Due to a logic flaw in classes/catalogue.class.php, user input is reflected without sanitization only when a search returns exactly one product...