VYPR
Vendor

Office Ocx

Products
9
CVEs
30
Across products
37
Status
Private

Products

9

Recent CVEs

30
View all 30 CVEs →
  • CVE-2017-2138HigAug 2, 2017
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via…

  • CVE-2016-4862HigApr 20, 2017
    risk 0.57cvss 8.8epss 0.02

    Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers.

  • CVE-2025-50849HigJul 31, 2025
    risk 0.52cvss 8.0epss 0.00

    CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR). The user profile functionality allows enabling or disabling stickers through a parameter (company_id) sent in the request. However, this operation is not properly validated on the server side. An…

  • CVE-2017-15673HigNov 28, 2017
    risk 0.47cvss 7.2epss 0.02

    The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page.

  • CVE-2017-10886MedNov 17, 2017
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2017-2143MedApr 28, 2017
    risk 0.35cvss 5.3epss 0.01

    CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and earlier allows remote attackers to bypass access restriction to create a request to return a customer purchased item via rma.post.php.

  • CVE-2017-2139MedApr 28, 2017
    risk 0.35cvss 5.3epss 0.01

    CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to bypass access restriction to obtain customer information via orders.pre.php.

  • CVE-2007-2588May 10, 2007
    risk 0.04cvss epss 0.07

    Multiple buffer overflows in the Office Viewer OCX ActiveX control (oa.ocx) 3.2 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long argument to the (1) HttpDownloadFile, (2) Open, (3) OpenWebFile, (4) DoOleCommand, (5)…

  • CVE-2006-2863Jun 6, 2006
    risk 0.04cvss epss 0.09

    PHP remote file inclusion vulnerability in class.cs_phpmailer.php in CS-Cart 1.3.3 allows remote attackers to execute arbitrary PHP code via a URL in the classes_dir parameter.

  • CVE-2015-2701Mar 25, 2015
    risk 0.03cvss epss 0.03

    Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/.

  • CVE-2009-2579Aug 5, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability…

  • CVE-2008-6394Mar 4, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the cs_cookies[customer_user_id] cookie parameter.

  • CVE-2008-1458Mar 24, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a products search action. NOTE: it was also reported that 1.3.5-SP2 trial edition is also affected.

  • CVE-2007-2494May 4, 2007
    risk 0.03cvss epss 0.05

    Multiple stack-based buffer overflows in the PowerPointOCX ActiveX control in PowerPointViewer.ocx 3.1.0.3 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5)…

  • CVE-2007-2496May 4, 2007
    risk 0.03cvss epss 0.04

    The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) GotoPage, (6) Save, (7) SaveWebFile, (8)…

  • CVE-2007-2495May 4, 2007
    risk 0.03cvss epss 0.04

    Multiple stack-based buffer overflows in the ExcelOCX ActiveX control in ExcelViewer.ocx 3.1.0.6 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6)…

  • CVE-2005-4429Dec 21, 2005
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order parameters to index.php.

  • CVE-2025-50850Jul 31, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and passwords (brute-force…

  • CVE-2025-50847Jul 31, 2025
    risk 0.00cvss epss 0.00

    Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list via a crafted HTTP request.

  • CVE-2025-50848Jul 31, 2025
    risk 0.00cvss epss 0.00

    A file upload vulnerability was discovered in CS Cart 4.18.3, allows attackers to execute arbitrary code. CS Cart 4.18.3 allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This allows an attacker to upload a crafted HTML file…