The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user's account through the stolen cookie.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2022-05-01T15:30:50.231470Z
Updated: 2024-09-16T18:08:49.242Z
Reserved: 2022-02-24T00:00:00
Link: CVE-2022-21149
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-05-01T16:15:08.020
Modified: 2024-11-21T06:43:59.437
Link: CVE-2022-21149
Redhat
No data.