GHSA-7pfc-cx3m-v22x

Опубликовано: 03 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 5.4

Описание

SCart is vulnerable to cross-site scripting (XSS)

SCart e-commerce is a free open source for businesses, built on the Laravel framework. The package s-cart/s-cart before 6.9 and the package s-cart/core before 6.9 are vulnerable to cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL. An attacker can gain unauthorized access to that user's account through the stolen cookie.

Ссылки

Пакеты

Наименование

s-cart/core

composer

Затронутые версииВерсия исправления

< 6.9

6.9

Наименование

s-cart/s-cart

composer

Затронутые версииВерсия исправления

< 6.9

6.9

EPSS

Процентиль: 39%

0.00173

Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2022-21149

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-21149

CVSS3: 5.4

nvd

почти 4 года назад

The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user's account through the stolen cookie.

EPSS

Процентиль: 39%

0.00173

Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2022-21149

Дефекты

CWE-79