PT-2022-14882 · Laravel+1 · Laravel+1

Faisal Fs

Published

2022-05-01

Updated

2022-05-11

CVE-2022-21149

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions s-cart/s-cart versions prior to 6.9 s-cart/core versions prior to 6.9

Description The issue affects SCart e-commerce, a free open-source platform for businesses built on the Laravel framework. It is related to Cross-site Scripting (XSS), which can lead to cookie stealing of any victim visiting the affected URL. As a result, an attacker can gain unauthorized access to a user's account through the stolen cookie.

Recommendations For s-cart/s-cart versions prior to 6.9, update to version 6.9 or later. For s-cart/core versions prior to 6.9, update to version 6.9 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2022-21149

GHSA-7PFC-CX3M-V22X

SNYK-PHP-SCARTCORE-2389036

SNYK-PHP-SCARTSCART-2389035

Affected Products

Laravel

S-Cart

PT-2022-14882 · Laravel+1 · Laravel+1

CVE-2022-21149

Weakness Enumeration

Related Identifiers

Affected Products

References · 7