Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26686 | 1 Cs-cart | 1 Cs-cart Multivendor | 2025-04-24 | N/A | 9.8 CRITICAL |
|
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop.
|
|||||
| CVE-2023-26687 | 1 Cs-cart | 1 Cs-cart Multivendor | 2025-04-24 | N/A | 8.8 HIGH |
|
Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the product_data parameter in the PDF Add-on.
|
|||||
| CVE-2023-26688 | 1 Cs-cart | 1 Cs-cart Multivendor | 2025-04-24 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the product_data parameter of add/edit product in the administration interface.
|
|||||
| CVE-2023-26689 | 1 Cs-cart | 1 Cs-cart Multivendor | 2025-04-24 | N/A | 9.8 CRITICAL |
|
An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request.
|
|||||
| CVE-2023-26690 | 1 Cs-cart | 1 Cs-cart Multivendor | 2025-04-24 | N/A | 8.8 HIGH |
|
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu.
|
|||||
| CVE-2023-26691 | 1 Cs-cart | 1 Cs-cart Multivendor | 2025-04-24 | N/A | 7.2 HIGH |
|
Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via crafted zip file when installing a new add-on.
|
|||||
| CVE-2017-2138 | 1 Cs-cart | 2 Cs-cart, Cs-cart Multivendor | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
|||||
| CVE-2017-10886 | 1 Cs-cart | 2 Cs-cart, Cs-cart Multivendor | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
|
|||||