Vulnerabilities > CS Cart
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-14 | CVE-2021-32202 | Cross-site Scripting vulnerability in Cs-Cart 4.11.1 In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" filed in the blog post creation page. | 6.1 |
| 2017-11-28 | CVE-2017-15673 | Unrestricted Upload of File with Dangerous Type vulnerability in Cs-Cart The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page. | 7.2 |
| 2017-11-17 | CVE-2017-10886 | Cross-site Scripting vulnerability in Cs-Cart and Cs-Cart Multivendor Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2017-08-02 | CVE-2017-2138 | Cross-Site Request Forgery (CSRF) vulnerability in Cs-Cart and Cs-Cart Multivendor Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 8.8 |
| 2017-04-20 | CVE-2016-4862 | Improper Input Validation vulnerability in Cs-Cart Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers. | 8.8 |