PT-2025-39177 · S-Cart · S-Cart

Published: 2025-09-23 · Updated: 2025-09-24 · CVE-2025-57407

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: S-Cart versions prior to 10.0.4

Description: A stored cross-site scripting (XSS) issue exists in the Admin Log Viewer component. A remote, authenticated attacker can inject arbitrary web script or HTML through a manipulated User-Agent header. When an administrator views the security log page, the injected script is executed in their browser, potentially leading to session hijacking or other malicious activities.

Recommendations: Update S-Cart to version 10.0.4 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-57407
GHSA-46V4-5MC8-Q2CF

Affected Products

S-Cart