VYPR

Cs Cart Multivendor

by Office Ocx

CVEs (9)

  • CVE-2017-2138HigAug 2, 2017
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via…

  • CVE-2016-4862HigApr 20, 2017
    risk 0.57cvss 8.8epss 0.02

    Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers.

  • CVE-2017-10886MedNov 17, 2017
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2023-26688Sep 24, 2024
    risk 0.00cvss epss 0.00

    Cross Site Scripting (XSS) vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the product_data parameter of add/edit product in the administration interface.

  • CVE-2023-26690Sep 24, 2024
    risk 0.00cvss epss 0.01

    File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu.

  • CVE-2023-26686Sep 24, 2024
    risk 0.00cvss epss 0.01

    File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop.

  • CVE-2023-26687Sep 24, 2024
    risk 0.00cvss epss 0.01

    Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the product_data parameter in the PDF Add-on.

  • CVE-2023-26691Sep 24, 2024
    risk 0.00cvss epss 0.01

    Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via crafted zip file when installing a new add-on.

  • CVE-2023-26689Sep 24, 2024
    risk 0.00cvss epss 0.01

    An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request.