s-cart/core

s-cart/core

Releases387

Frequency3 days 18 hours

Last Release over 1 year ago

Stars14

Core for S-Cart ecommerce

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-57407 ↗	Sep 23, 2025Tuesday, 23 September 2025, 16:15	5.4 MEDIUM	—
A stored cross-site scripting (XSS) vulnerability in the Admin Log Viewer of S-Cart <=10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which could lead to session hijacking or other malicious actions.
CVE-2020-28456 ↗	Dec 15, 2020Tuesday, 15 December 2020, 16:15	7.3 HIGH	4.3 MEDIUM
The package s-cart/core before 4.4 are vulnerable to Cross-site Scripting (XSS) via the admin panel.