Vulnerabilities > S Cart > S Cart > 6.3.2

DATE CVE VULNERABILITY TITLE RISK
2022-05-01 CVE-2022-21149 Cross-site Scripting vulnerability in S-Cart
The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user's account through the stolen cookie.
network
s-cart CWE-79
3.5
3.5
2022-02-11 CVE-2021-44111 Path Traversal vulnerability in S-Cart
A Directory Traversal vulnerability exists in S-Cart 6.7 via download in sc-admin/backup.
local
low complexity
s-cart CWE-22
2.1
2.1
2021-11-01 CVE-2021-38847 Unrestricted Upload of File with Dangerous Type vulnerability in S-Cart
S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel.
network
low complexity
s-cart CWE-434
6.5
6.5