12 matches found
EUVD-2020-20888
Malware in sbrugna...
CVE-2022-21149
The packages s-cart/s-cart before 6.9 and s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS), which can lead to cookie theft from any victim who visits the affected URL, so the attacker can gain unauthorized access to that user's account through the stolen cookie...
Cross-site Scripting (XSS)
Overview: s-cart/core is a free Laravel e-commerce for business. Affected versions of this package are vulnerable to Cross-site Scripting (XSS), which can lead to cookie theft from any victim who visits the affected URL, so the attacker can gain unauthorized access to that user's account through the...
Cross-site Scripting (XSS)
Overview: s-cart/core is a free Laravel e-commerce for business. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to missing sanitization in AdminCurrencyController. PoC: Log in as manager/administrator, then go to Localisation Currencies. When adding or editing...
SQL Injection
Overview: s-cart/core is a free Laravel e-commerce for business. Affected versions of this package are vulnerable to SQL Injection via the keyword parameter in /scadmin/currency. Remediation: Upgrade s-cart/core to version 6.3.0.3 or higher. References - GitHub Additional Information - GitHub Commi...
SQL Injection in s-cart/core
✍️ Description: Searching by keyword in /scadmin/currency is vulnerable to SQL injection. This allows a user to run arbitrary SQL queries and completely delete, edit, export or change all information in the database, potentially rendering the entire platform unusable. 🕵️‍♂️ Proof of Concept: Login...
CVE-2020-28457
This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS...
CVE-2020-28457
This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS...
Cross site scripting
The package s-cart/core before 4.4 is vulnerable to Cross-site Scripting (XSS) via the admin panel...
Cross site scripting
This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS...
CVE-2020-28456 Cross-site Scripting (XSS)
The package s-cart/core before 4.4 is vulnerable to Cross-site Scripting (XSS) via the admin panel...
Cross-site Scripting (XSS)
Overview: s-cart/core is a free Laravel e-commerce for business. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS. PoC:...