2 matches found
CVE-2015-0950
X-Cart 5.1.6–5.1.10 contains a reflected XSS in admin.php via the substring parameter, allowing remote script injection in the user’s browser. Root cause: improper handling of input leading to script execution. Impact: remote attacker could run arbitrary script in the context of victims’ sessions...
X-Cart contains multiple vulnerabilities
Overview X-Cart versions 5.1.6 through 5.1.10 are vulnerable to cross-site scripting XSS, and versions 5.1.10 and below are vulnerable to authorization bypass. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' - CVE-2015-0950X-Cart versions 5.1...