VYPR

V6

by Cubecart

Source repositories

CVEs (2)

  • CVE-2026-44377CriMay 13, 2026
    risk 0.52cvss 9.1epss 0.01

    CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart (including Email Templates and Documents). The application unsafely evaluates user-supplied input directly…

  • CVE-2026-44376MedMay 13, 2026
    risk 0.36cvss 6.1epss 0.01

    CubeCart is an ecommerce software solution. Prior to 6.7.0, an unauthenticated Reflected XSS vulnerability exists in the CubeCart v6.x search feature. Due to a logic flaw in classes/catalogue.class.php, user input is reflected without sanitization only when a search returns…