PT-2026-40805 · Cubecart · Cubecart

Published: 2026-05-13 · Updated: 2026-05-15 · CVE-2026-44376

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

CubeCart versions prior to 6.7.0

Description

An unauthenticated Reflected Cross-Site Scripting (XSS) issue exists in the search feature. A logic flaw in the classes/catalogue.class.php file allows user input to be reflected without sanitization specifically when a search returns exactly one product. This allows an attacker to execute malicious JavaScript in the victim's browser, which can lead to session hijacking, site defacement, or phishing.

Recommendations

Update to version 6.7.0.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-44376

Affected Products

Cubecart