Lucene search
K

615 matches found

CVE
CVE
added 2026/05/13 8:42 p.m.12 views

CVE-2026-45053

CubeCart before version 6.7.0 has an Authenticated Arbitrary File Upload flaw in the REST API File Manager (POST /api/v1/files). An API key with files:rw can upload PHP source files into web-accessible images/source/, and a path-traversal flaw in the filepath parameter allows the uploaded code to...

9.1CVSS5.8AI score0.00585EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 8:42 p.m.17 views

CVE-2026-45053 CubeCart: Authenticated Arbitrary File Upload to RCE in REST Files API

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Arbitrary File Upload vulnerability exists in the REST API File Manager endpoint POST /api/v1/files of CubeCart. The endpoint allows any holder of an API key with files:rw permission to upload PHP source files into the...

9.1CVSS5.8AI score0.00585EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 8:40 p.m.8 views

CVE-2026-44376

CubeCart is an ecommerce software solution. Prior to 6.7.0, an unauthenticated Reflected XSS vulnerability exists in the CubeCart v6.x search feature. Due to a logic flaw in classes/catalogue.class.php, user input is reflected without sanitization only when a search returns exactly one product...

6.1CVSS5.8AI score0.00697EPSS
Exploits2References3Affected Software1
EUVD
EUVD
added 2026/05/13 8:40 p.m.7 views

EUVD-2026-30164

CubeCart is an ecommerce software solution. Prior to 6.7.0, an unauthenticated Reflected XSS vulnerability exists in the CubeCart v6.x search feature. Due to a logic flaw in classes/catalogue.class.php, user input is reflected without sanitization only when a search returns exactly one product...

6.1CVSS5.8AI score0.00697EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/05/13 8:40 p.m.32 views

CVE-2026-44376 CubeCart: Reflected XSS in Store Search Bar

CubeCart is an ecommerce software solution. Prior to 6.7.0, an unauthenticated Reflected XSS vulnerability exists in the CubeCart v6.x search feature. Due to a logic flaw in classes/catalogue.class.php, user input is reflected without sanitization only when a search returns exactly one product...

6.1CVSS0.00697EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/05/13 8:40 p.m.8 views

CVE-2026-44376 CubeCart: Reflected XSS in Store Search Bar

CubeCart is an ecommerce software solution. Prior to 6.7.0, an unauthenticated Reflected XSS vulnerability exists in the CubeCart v6.x search feature. Due to a logic flaw in classes/catalogue.class.php, user input is reflected without sanitization only when a search returns exactly one product...

6.1CVSS5.8AI score0.00697EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/05/13 8:39 p.m.7 views

CVE-2026-39428 CubeCart: Stored Cross-Site Scripting (XSS)

CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting XSS vulnerability exists in CubeCart v6.x. An attacker with administrative privileges can inject malicious JavaScript payloads into multiple fields during the creation or modification of a product. These...

4.8CVSS5.8AI score0.00173EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 8:39 p.m.7 views

CVE-2026-39428

CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting XSS vulnerability exists in CubeCart v6.x. An attacker with administrative privileges can inject malicious JavaScript payloads into multiple fields during the creation or modification of a product. These...

4.8CVSS5.8AI score0.00173EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/13 8:39 p.m.31 views

CVE-2026-39428 CubeCart: Stored Cross-Site Scripting (XSS)

CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting XSS vulnerability exists in CubeCart v6.x. An attacker with administrative privileges can inject malicious JavaScript payloads into multiple fields during the creation or modification of a product. These...

4.8CVSS0.00173EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/13 8:39 p.m.9 views

EUVD-2026-30157

CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting XSS vulnerability exists in CubeCart v6.x. An attacker with administrative privileges can inject malicious JavaScript payloads into multiple fields during the creation or modification of a product. These...

4.8CVSS5.8AI score0.00173EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 8:39 p.m.14 views

CVE-2026-39428

CubeCart CVE-2026-39428: A Stored XSS vulnerability affected CubeCart v6.x prior to 6.6.0, where an admin could inject JavaScript into product fields during creation/modification. Payloads stored in the database could execute when users (customers or admins) view affected product pages, potential...

4.8CVSS5.8AI score0.00173EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 8:38 p.m.30 views

CVE-2026-39358 CubeCart: Time-based Blind SQL Injection

CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injection vulnerabilities were identified in the sorting parameters sortprice, sortactivity, sortadmin, and sortcustomer of the Products and Logs endpoints in CubeCart v6.x. This allows an attacker to...

7.2CVSS0.00307EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 8:38 p.m.6 views

CVE-2026-39358

CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injection vulnerabilities were identified in the sorting parameters sortprice, sortactivity, sortadmin, and sortcustomer of the Products and Logs endpoints in CubeCart v6.x. This allows an attacker to...

7.2CVSS6.2AI score0.00307EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/13 8:38 p.m.10 views

EUVD-2026-30156

CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injection vulnerabilities were identified in the sorting parameters sortprice, sortactivity, sortadmin, and sortcustomer of the Products and Logs endpoints in CubeCart v6.x. This allows an attacker to...

7.2CVSS6.2AI score0.00307EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 8:38 p.m.14 views

CVE-2026-39358

CubeCart

7.2CVSS6.2AI score0.00307EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/13 8:36 p.m.9 views

EUVD-2026-30165

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates and Documents. The application unsafely evaluates user-supplied input directly through the Smarty templat...

9.1CVSS5.9AI score0.00735EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 8:36 p.m.12 views

CVE-2026-44377

CVE-2026-44377 affects CubeCart before version 6.7.0. It describes an authenticated SSTI in multiple modules (including Email Templates and Documents) where user-supplied input is unsafely evaluated by the Smarty template engine. An authenticated administrator can bypass restrictions and invoke n...

9.1CVSS5.9AI score0.00735EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/13 8:36 p.m.30 views

CVE-2026-44377 CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates and Documents. The application unsafely evaluates user-supplied input directly through the Smarty templat...

9.1CVSS0.00735EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 8:36 p.m.7 views

CVE-2026-44377

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates and Documents. The application unsafely evaluates user-supplied input directly through the Smarty templat...

9.1CVSS5.9AI score0.00735EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/13 8:36 p.m.9 views

CVE-2026-44377 CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates and Documents. The application unsafely evaluates user-supplied input directly through the Smarty templat...

9.1CVSS5.9AI score0.00735EPSS
Exploits0References2
Rows per page
Query Builder