CVE-2022-21149 – s-cart/core

Package

Manager: composer
Name: s-cart/core
Vulnerable Version: >=0 <6.9

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00266 pctl0.49845

Details

SCart is vulnerable to cross-site scripting (XSS) SCart e-commerce is a free open source for businesses, built on the Laravel framework. The package s-cart/s-cart before 6.9 and the package s-cart/core before 6.9 are vulnerable to cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL. An attacker can gain unauthorized access to that user's account through the stolen cookie.

Metadata

Created: 2022-05-03T00:00:46Z
Modified: 2022-05-23T19:37:17Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7pfc-cx3m-v22x/GHSA-7pfc-cx3m-v22x.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-7pfc-cx3m-v22x
Finding: F425
Auto approve: 1