2 matches found
CVE-2015-0951
CVE-2015-0951 affects X-Cart before 5.1.11, enabling a remote, authenticated attacker to read or delete address data of other users via manipulated update/remove requests (insecure direct object reference). The issue affects 5.1.10 and earlier per CNVD/NVD/Cert notes; vendor fix is X-Cart 5.1.11....
X-Cart contains multiple vulnerabilities
Overview X-Cart versions 5.1.6 through 5.1.10 are vulnerable to cross-site scripting XSS, and versions 5.1.10 and below are vulnerable to authorization bypass. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' - CVE-2015-0950X-Cart versions 5.1...