cs-cart cs-cart vulnerabilities and exploits
8.8
CVSSv3
CVE-2017-2138
Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and previous versions (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and previous versions (excluding v2 and v3) allows remote malicious users to hijack the authentication of ...
Cs-cart Cs-cart Multivendor
Cs-cart Cs-cart
8.8
CVSSv3
CVE-2016-4862
Twigmo bundled with CS-Cart 4.3.9 and previous versions and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and previous versions allow remote authenticated users to execute arbitrary PHP code on the servers.
Cs-cart Cs-cart
7.5
CVSSv3
CVE-2020-8889
The ShipStation.com plugin 1.0 for CS-Cart allows remote malicious users to obtain sensitive information (via action=export) because a typo results in a successful comparison of a blank password and NULL.
Shipstation Shipstation 1.0
7.2
CVSSv3
CVE-2017-15673
The files function in the administration section in CS-Cart 4.6.2 and previous versions allows malicious users to execute arbitrary PHP code via vectors involving a custom page.
Cs-cart Cs-cart
1 Github repository
6.1
CVSSv3
CVE-2021-32202
In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" field in the blog post creation page.
Cs-cart Cs-cart 4.11.1
1 Github repository
5.4
CVSSv3
CVE-2017-10886
Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and previous versions (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and previous versions (excluding v2 and v3) allows a malicious user to inject arbitrary web script or HTML via unspeci...
Cs-cart Cs-cart Multivendor 4.3.10
Cs-cart Cs-cart Multivendor 4.3.9
Cs-cart Cs-cart Multivendor 4.1.3
Cs-cart Cs-cart Multivendor 4.1.2
Cs-cart Cs-cart Multivendor 4.1.1
Cs-cart Cs-cart Multivendor 4.0.3
Cs-cart Cs-cart 4.2.3
Cs-cart Cs-cart 4.2.2
Cs-cart Cs-cart 4.2.1
Cs-cart Cs-cart 4.1.4
Cs-cart Cs-cart Multivendor 4.3.7
Cs-cart Cs-cart Multivendor 4.3.5
Cs-cart Cs-cart Multivendor 4.2.2
Cs-cart Cs-cart Multivendor 4.1.4
Cs-cart Cs-cart Multivendor 4.0.2
Cs-cart Cs-cart 4.3.10
Cs-cart Cs-cart 4.3.3
Cs-cart Cs-cart 4.3.1
Cs-cart Cs-cart 4.1.2
Cs-cart Cs-cart 4.0.3
Cs-cart Cs-cart Multivendor 4.3.3
Cs-cart Cs-cart Multivendor 4.3.2
5.3
CVSSv3
CVE-2017-2139
CS-Cart Japanese Edition v4.3.10 and previous versions (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and previous versions (excluding v2 and v3) allows remote malicious users to bypass access restriction to obtain customer information via orders.pre.php.
Frogman Office Inc Cs-cart
5.3
CVSSv3
CVE-2017-2143
CS-Cart Japanese Edition v4.3.10-jp-1 and previous versions, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and previous versions allows remote malicious users to bypass access restriction to create a request to return a customer purchased item via rma.post.php.
Frogman Office Inc Cs-cart Japanese Edition 4.3.10-jp-1
Frogman Office Inc Cs-cart Multivendor Japanese Edition 4.3.10-jp-1
3.7
CVSSv3
CVE-2020-9009
The ShipStation.com plugin 1.1 and previous versions for CS-Cart allows remote malicious users to insert arbitrary information into the database (via action=shipnotify) because access to this endpoint is completely unchecked. The attacker must guess an order number.
Shipstation Shipstation
NA
CVE-2015-2701
Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote malicious users to hijack the authentication of users for requests that change a user password via a request to profiles-update/.
Cs-cart Cs-cart 4.2.4
1 EDB exploit