VYPR
Unrated severityNVD Advisory· Published Apr 5, 2015· Updated Jun 17, 2026

CVE-2015-0950

CVE-2015-0950

Description

Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script or HTML via the substring parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • Qualiteam/X Cart5 versions
    cpe:2.3:a:qualiteam:x-cart:5.1.10:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:qualiteam:x-cart:5.1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:qualiteam:x-cart:5.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:qualiteam:x-cart:5.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:qualiteam:x-cart:5.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:qualiteam:x-cart:5.1.9:*:*:*:*:*:*:*
  • E Cart/E Cartllm-fuzzy
    Range: 5.1.6 - 5.1.10

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.