Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26686 | 1 Cs-cart | 1 Cs-cart Multivendor | 2025-04-24 | N/A | 9.8 CRITICAL |
| File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop. | |||||
| CVE-2023-26687 | 1 Cs-cart | 1 Cs-cart Multivendor | 2025-04-24 | N/A | 8.8 HIGH |
| Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the product_data parameter in the PDF Add-on. | |||||
| CVE-2023-26688 | 1 Cs-cart | 1 Cs-cart Multivendor | 2025-04-24 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the product_data parameter of add/edit product in the administration interface. | |||||
| CVE-2023-26689 | 1 Cs-cart | 1 Cs-cart Multivendor | 2025-04-24 | N/A | 9.8 CRITICAL |
| An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request. | |||||
| CVE-2023-26690 | 1 Cs-cart | 1 Cs-cart Multivendor | 2025-04-24 | N/A | 8.8 HIGH |
| File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu. | |||||
| CVE-2023-26691 | 1 Cs-cart | 1 Cs-cart Multivendor | 2025-04-24 | N/A | 7.2 HIGH |
| Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via crafted zip file when installing a new add-on. | |||||
| CVE-2017-2138 | 1 Cs-cart | 2 Cs-cart, Cs-cart Multivendor | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2017-10886 | 1 Cs-cart | 2 Cs-cart, Cs-cart Multivendor | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||