SCart is vulnerable to cross-site scripting (XSS)
Moderate severity
GitHub Reviewed
Published
May 3, 2022
to the GitHub Advisory Database
•
Updated Feb 1, 2023
Description
Published by the National Vulnerability Database
May 1, 2022
Published to the GitHub Advisory Database
May 3, 2022
Reviewed
May 23, 2022
Last updated
Feb 1, 2023
SCart e-commerce is a free open source for businesses, built on the Laravel framework. The package s-cart/s-cart before 6.9 and the package s-cart/core before 6.9 are vulnerable to cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL. An attacker can gain unauthorized access to that user's account through the stolen cookie.
References