ReportizFlow
Filtered by vendor Cs-cart
Subscriptions
Filtered by product Cs-cart Multivendor
Subscriptions
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-2138 | 1 Cs-cart | 2 Cs-cart, Cs-cart Multivendor | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||||
| CVE-2017-10886 | 1 Cs-cart | 2 Cs-cart, Cs-cart Multivendor | 2024-11-21 | N/A |
| Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2023-26689 | 1 Cs-cart | 1 Cs-cart Multivendor | 2024-09-26 | 9.8 Critical |
| An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request. | ||||
| CVE-2023-26686 | 1 Cs-cart | 1 Cs-cart Multivendor | 2024-09-26 | 9.8 Critical |
| File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop. | ||||
| CVE-2023-26688 | 1 Cs-cart | 1 Cs-cart Multivendor | 2024-09-26 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the product_data parameter of add/edit product in the administration interface. | ||||
| CVE-2023-26687 | 1 Cs-cart | 1 Cs-cart Multivendor | 2024-09-26 | 8.8 High |
| Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the product_data parameter in the PDF Add-on. | ||||
| CVE-2023-26691 | 1 Cs-cart | 1 Cs-cart Multivendor | 2024-09-26 | 7.2 High |
| Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via crafted zip file when installing a new add-on. | ||||
| CVE-2023-26690 | 1 Cs-cart | 1 Cs-cart Multivendor | 2024-09-26 | 8.8 High |
| File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu. | ||||
Page 1 of 1.