Vulnerability Database

296,138

Total vulnerabilities in the database

CVE-2022-21149

The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user's account through the stolen cookie.

CVSS v3:

  • Severity: Low
  • Score: 3.5
  • AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

CVSS v2:

  • Severity: Low
  • Score: 3.5
  • AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
s-cart / s-cart - 6.9.0
Composer icon s-cart / core - 6.9
Composer icon s-cart / s-cart - 6.9