58 matches found
EUVD-2020-20889
Malware in sbrugna...
EUVD-2021-25284
Malware in sbrugna...
EUVD-2020-20888
Malware in sbrugna...
EUVD-2022-1034
Malicious code in bioql PyPI...
EUVD-2022-3039
Malicious code in bioql PyPI...
EUVD-2025-30918
Malicious code in bioql PyPI...
CVE-2025-57407
A stored cross-site scripting XSS vulnerability in the Admin Log Viewer of S-Cart =10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which...
GHSA-46V4-5MC8-Q2CF GP247 and S-Cart have a stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting XSS vulnerability in the Admin Log Viewer of S-Cart =10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which...
CVE-2025-57407
A stored cross-site scripting XSS vulnerability in the Admin Log Viewer of S-Cart =10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which...
CVE-2025-57407
A stored cross-site scripting XSS vulnerability in the Admin Log Viewer of S-Cart =10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which...
CVE-2025-57407
This CVE affects s-cart components (notably s-cart/core and gp247/core) and the Admin Log Viewer, where a stored XSS flaw allows a remote authenticated attacker to inject arbitrary script via a crafted User-Agent header. The vulnerability arises from improper handling/sanitization of User-Agent d...
CVE-2025-57407
A stored cross-site scripting XSS vulnerability in the Admin Log Viewer of S-Cart =10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which...
s-cart 安全漏洞
s-cart is a Php-based e-commerce management platform from the s-cart community. A security vulnerability exists in s-cart 10.0.3 and earlier versions, which stems from an insufficient validation of the User-Agent header and could lead to a stored cross-site scripting attack...
CVE-2025-57407
A stored cross-site scripting XSS vulnerability in the Admin Log Viewer of S-Cart =10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which...
CVE-2021-38847
S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted IMG file...
s-cart Cross-Site Scripting Vulnerability (CNVD-2022-70091)
s-cart is a Php-based e-commerce management platform from the s-cart community. s-cart versions prior to 6.9 contain a cross-site scripting vulnerability that can be exploited by attackers to execute JavaScript code on the client side, which can steal cookies from any victim who accesses the...
Cross-site Scripting (XSS)
s-cart/s-cart and s-cart/core are vulnerable to cross-site scriptingXSS attacks. An attacker is able to steal user cookies by tricking a victim to visit a specifically crafted URL and gain unauthorized access to that user's account...
CVE-2022-21149
The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting XSS which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user's account through the stolen cookie...
CVE-2022-21149
The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting XSS which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user's account through the stolen cookie...
Cross site scripting
The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting XSS which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user's account through the stolen cookie...