VYPR

S Cart

by S-Cart

Source repositories

CVEs (5)

  • CVE-2021-38847HigNov 1, 2021
    risk 0.57cvss 8.8epss 0.01

    S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted IMG file.

  • CVE-2021-44111MedFeb 11, 2022
    risk 0.22cvss 4.4epss 0.00

    A Directory Traversal vulnerability exists in S-Cart 6.7 via download in sc-admin/backup.

  • CVE-2025-57407Sep 23, 2025
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Admin Log Viewer of S-Cart <=10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the…

  • CVE-2020-28457HigDec 15, 2020
    risk 0.00cvss 7.2epss 0.01

    This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS.

  • CVE-2020-28456HigDec 15, 2020
    risk 0.00cvss 7.3epss 0.01

    The package s-cart/core before 4.4 are vulnerable to Cross-site Scripting (XSS) via the admin panel.