Lucene search
K
OpensolutionQuick.cart6.7

4 matches found

CVE
CVE
added 2026/01/22 11:57 a.m.19 views

CVE-2025-67683

CVE-2025-67683 (Quick.Cart) is a reflected XSS vulnerability caused by the sSort parameter. The issue allows an attacker to craft a URL that, when opened by a victim, executes arbitrary JavaScript in the browser. Public references in the provided documents indicate that only version 6.7 was teste...

6.1CVSS5.8AI score0.00253EPSS
CVE
CVE
added 2026/02/05 11:7 a.m.16 views

CVE-2026-23797

CVE-2026-23797 — Quick.Cart password exposure : The vulnerability in Quick.Cart stores passwords in plaintext, allowing a highly privileged attacker to display user passwords on the user editing page. Red Hat entries corroborate the claim that only version 6.7 has been tested and confirmed vulner...

6.9CVSS5.4AI score0.00245EPSS
CVE
CVE
added 2026/02/05 11:7 a.m.14 views

CVE-2026-23796

CVE-2026-23796 concerns a session-fixation vulnerability in Quick.Cart. According to the provided documents, a user’s session identifier can be set before authentication and remains unchanged after login, enabling an attacker to fix a session ID for a victim and potentially hijack the authenticat...

9.8CVSS5.4AI score0.00268EPSS
CVE
CVE
added 2026/01/22 11:57 a.m.13 views

CVE-2025-67684

CVE-2025-67684 : Quick.Cart is vulnerable to Local File Inclusion and Path Traversal in the theme selection mechanism. A privileged user can upload arbitrary file contents and, since only the filename extension is validated, include and execute uploaded PHP code, causing Remote Code Execution on ...

9.4CVSS6.2AI score0.00731EPSS