Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
Max CVSS: 6.1 | EPSS Score: 0.11% | Published: 2022-07-11 | Updated: 2022-07-15
LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF to add a user.
Max CVSS: 5.3 | EPSS Score: 0.09% | Published: 2020-02-25 | Updated: 2020-02-26
LiteCart through 2.2.1 allows CSV injection via a customer's profile.
Max CVSS: 8.0 | EPSS Score: 0.10% | Published: 2020-02-25 | Updated: 2021-07-21
admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods&doc=vqmods request.
Max CVSS: 8.8 | EPSS Score: 0.45% | Published: 2018-08-16 | Updated: 2018-10-12
LiteCart before 2.1.2 allows remote attackers to cause a denial of service (memory consumption) via URIs that do not exist, because public_html/logs/not_found.log grows without bound, and is loaded into memory for each request.
Max CVSS: 7.5 | EPSS Score: 0.22% | Published: 2018-05-09 | Updated: 2018-06-12
Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING.
Max CVSS: 4.3 | EPSS Score: 0.64% | Published: 2014-10-22 | Updated: 2018-10-09
6 vulnerabilities found