VYPR
Vendor

S-Cart

Products
2
CVEs
6
Across products
7
Status
Private

Products

2

Recent CVEs

6
  • CVE-2021-38847HigNov 1, 2021
    risk 0.57cvss 8.8epss 0.01

    S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted IMG file.

  • CVE-2022-21149MedMay 1, 2022
    risk 0.35cvss 5.4epss 0.01

    The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user's account through the…

  • CVE-2021-44111MedFeb 11, 2022
    risk 0.22cvss 4.4epss 0.00

    A Directory Traversal vulnerability exists in S-Cart 6.7 via download in sc-admin/backup.

  • CVE-2025-57407Sep 23, 2025
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Admin Log Viewer of S-Cart <=10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the…

  • CVE-2020-28457HigDec 15, 2020
    risk 0.00cvss 7.2epss 0.01

    This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS.

  • CVE-2020-28456HigDec 15, 2020
    risk 0.00cvss 7.3epss 0.01

    The package s-cart/core before 4.4 are vulnerable to Cross-site Scripting (XSS) via the admin panel.