cpe:2.3:a:qualiteam:x-cart:3.3.0:*:*:*:*:*:*:*
X-Cart V5 is vulnerable to XSS via the CategoryFilter2 parameter.
Max CVSS
6.1
EPSS Score
0.11%
Published
2019-06-06
Updated
2020-06-29
Cross-site scripting (XSS) vulnerability in X-Cart 4.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to install/.
Max CVSS
4.3
EPSS Score
0.12%
Published
2015-07-08
Updated
2015-07-09
Multiple cross-site scripting (XSS) vulnerabilities in cart.php in X-Cart 5.1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) product_id or (2) category_id parameter.
Max CVSS
4.3
EPSS Score
0.19%
Published
2015-01-26
Updated
2018-10-09
X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request.
Max CVSS
6.5
EPSS Score
0.23%
Published
2015-04-05
Updated
2015-04-06
Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter.
Max CVSS
7.5
EPSS Score
6.57%
Published
2006-09-21
Updated
2017-07-20
X-Cart 3.4.3 allows remote attackers to gain sensitive information via a mode parameter with (1) phpinfo command or (2) perlinfo command.
Max CVSS
5.0
EPSS Score
2.39%
Published
2004-11-23
Updated
2017-07-11
X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via the perl_binary argument in (1) upgrade.php or (2) general.php.
Max CVSS
10.0
EPSS Score
9.04%
Published
2004-11-23
Updated
2017-07-11
Directory traversal vulnerability in X-Cart 3.4.3 allows remote attackers to view arbitrary files via a .. (dot dot) in the shop_closed_file argument to auth.php.
Max CVSS
5.0
EPSS Score
3.09%
Published
2004-11-23
Updated
2017-07-11
8 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!