VYPR
Medium severity5.4OSV Advisory· Published May 1, 2022· Updated Jun 17, 2026

CVE-2022-21149

CVE-2022-21149

Description

The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user's account through the stolen cookie.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
s-cart/corePackagist
< 6.96.9
s-cart/s-cartPackagist
< 6.96.9

Affected products

3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.