CVE-2025-50848

Name of the Vulnerable Software and Affected Versions CS Cart version 4.18.3

Description A file upload vulnerability exists that allows attackers to execute arbitrary code. The software allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This enables an attacker to upload a crafted HTML file containing malicious content, such as a fake login form for credential harvesting or scripts for Cross-Site Scripting (XSS) attacks. Serving content from a trusted domain increases the likelihood of successful phishing or script execution against other users.

Recommendations Restrict file uploads to only necessary file types and thoroughly validate all uploaded files to prevent the execution of malicious code.