4 matches found
CVE-2025-67683
CVE-2025-67683 (Quick.Cart) is a reflected XSS vulnerability caused by the sSort parameter. The issue allows an attacker to craft a URL that, when opened by a victim, executes arbitrary JavaScript in the browser. Public references in the provided documents indicate that only version 6.7 was teste...
CVE-2026-23797
CVE-2026-23797 — Quick.Cart password exposure : The vulnerability in Quick.Cart stores passwords in plaintext, allowing a highly privileged attacker to display user passwords on the user editing page. Red Hat entries corroborate the claim that only version 6.7 has been tested and confirmed vulner...
CVE-2026-23796
CVE-2026-23796 concerns a session-fixation vulnerability in Quick.Cart. According to the provided documents, a user’s session identifier can be set before authentication and remains unchanged after login, enabling an attacker to fix a session ID for a victim and potentially hijack the authenticat...
CVE-2025-67684
CVE-2025-67684 : Quick.Cart is vulnerable to Local File Inclusion and Path Traversal in the theme selection mechanism. A privileged user can upload arbitrary file contents and, since only the filename extension is validated, include and execute uploaded PHP code, causing Remote Code Execution on ...