Cs-cart Multivendor Security Vulnerabilities and Issues — Cs-cart Multivendor CVE List

Lucene search

Cs-cartCs-cart Multivendor

8 matches found

CVE•added 2017/08/02 4:29 p.m.•42 views

CVE-2017-2138

Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors.

8.8CVSS8.8AI score0.00154EPSS

CVE•added 2024/09/25 1:15 a.m.•40 views

CVE-2023-26686

File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop.

9.8CVSS7.6AI score0.00971EPSS

CVE•added 2024/09/25 1:15 a.m.•39 views

CVE-2023-26689

An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request.

9.8CVSS7.2AI score0.00081EPSS

CVE•added 2017/11/17 2:29 p.m.•37 views

CVE-2017-10886

Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors.

5.4CVSS5.2AI score0.00253EPSS

CVE•added 2024/09/25 1:15 a.m.•33 views

CVE-2023-26690

File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu.

8.8CVSS7.6AI score0.00379EPSS

CVE•added 2024/09/25 1:15 a.m.•32 views

CVE-2023-26687

Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the product_data parameter in the PDF Add-on.

8.8CVSS6.7AI score0.01209EPSS

CVE•added 2024/09/25 1:15 a.m.•31 views

CVE-2023-26688

Cross Site Scripting (XSS) vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the product_data parameter of add/edit product in the administration interface.

5.4CVSS6.3AI score0.00021EPSS

CVE•added 2024/09/25 1:15 a.m.•30 views

CVE-2023-26691

Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via crafted zip file when installing a new add-on.

7.2CVSS7.5AI score0.01137EPSS