Cs Cart Multivendor
by Office Ocx
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-2138 | | High | 0.57 | 8.8 | 0.01 | | Aug 2, 2017 | Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via… |
| CVE-2016-4862 | | High | 0.57 | 8.8 | 0.02 | | Apr 20, 2017 | Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers. |
| CVE-2017-10886 | | Med | 0.35 | 5.4 | 0.01 | | Nov 17, 2017 | Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2023-26688 | | | 0.00 | — | 0.00 | | Sep 24, 2024 | Cross Site Scripting (XSS) vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the product_data parameter of add/edit product in the administration interface. |
| CVE-2023-26690 | | | 0.00 | — | 0.01 | | Sep 24, 2024 | File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu. |
| CVE-2023-26686 | | | 0.00 | — | 0.01 | | Sep 24, 2024 | File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop. |
| CVE-2023-26687 | | | 0.00 | — | 0.01 | | Sep 24, 2024 | Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the product_data parameter in the PDF Add-on. |
| CVE-2023-26691 | | | 0.00 | — | 0.01 | | Sep 24, 2024 | Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via crafted zip file when installing a new add-on. |
| CVE-2023-26689 | | | 0.00 | — | 0.01 | | Sep 24, 2024 | An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request. |