
SCart is vulnerable to cross-site scripting (XSS)

Moderate severity • GitHub Reviewed • Published May 3, 2022 to the GitHub Advisory Database • Updated Feb 1, 2023

Package

s-cart/core (Composer)

Affected versions

< 6.9

Patched versions

6.9

Package

s-cart/s-cart (Composer)

Affected versions

< 6.9

Patched versions

6.9

Description

SCart is free, open-source e-commerce software for businesses, built on the Laravel framework. The package s-cart/s-cart before 6.9 and the package s-cart/core before 6.9 are vulnerable to cross-site scripting (XSS), which can lead to theft of cookies from any victim who visits the affected URL. An attacker can use the stolen cookie to gain unauthorized access to that user's account.

References

Published by the National Vulnerability Database May 1, 2022
Published to the GitHub Advisory Database May 3, 2022
Reviewed May 23, 2022
Last updated Feb 1, 2023

Severity

Moderate
5.4 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Weaknesses

CVE ID

CVE-2022-21149

GHSA ID

GHSA-7pfc-cx3m-v22x

Source code
