Low severity · NVD Advisory · Published Sep 23, 2025 · Updated Sep 24, 2025
CVE-2025-57407
Description
A stored cross-site scripting (XSS) vulnerability in the Admin Log Viewer of S-Cart <=10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which could lead to session hijacking or other malicious actions.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| s-cart/core (Packagist) | <= 9.0.5 | — |
| gp247/core (Packagist) | < 1.1.24 | 1.1.24 |
Affected products
- ghsa-coords: 2 versions
  - (no CPE) range: < 1.1.24
  - (no CPE) range: <= 9.0.5
References
- github.com/advisories/GHSA-46v4-5mc8-q2cf (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-57407 (ghsa, ADVISORY)
- github.com/gp247net/core/commit/e9848706b41d835ca3d668cb1554650403e86da1 (ghsa, WEB)
- github.com/gp247net/core/releases/tag/1.1.24 (ghsa, WEB)
- github.com/s-cart/core/blob/7c9aa42761be5fd0131c61dbe2b5323beb96d5dd/src/Admin/Controllers/AdminLogController.php (ghsa, WEB)