VYPR
Low severityNVD Advisory· Published Sep 23, 2025· Updated Sep 24, 2025

CVE-2025-57407

CVE-2025-57407

Description

A stored cross-site scripting (XSS) vulnerability in the Admin Log Viewer of S-Cart <=10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which could lead to session hijacking or other malicious actions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
s-cart/corePackagist
<= 9.0.5
gp247/corePackagist
< 1.1.241.1.24

Affected products

3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.