Vulnerability Database
296,746
Total vulnerabilities in the database
CVE-2025-57407
A stored cross-site scripting (XSS) vulnerability in the Admin Log Viewer of S-Cart <=10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which could lead to session hijacking or other malicious actions.
| Software | From | Fixed in |
|---|---|---|
s-cart / core
|
- | 9.0.5.x |
|
gp247 / core
|
- | 1.1.24 |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime