The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user's account through the stolen cookie.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2022-05-01T15:30:50.231470Z

Updated: 2024-09-16T18:08:49.242Z

Reserved: 2022-02-24T00:00:00

Link: CVE-2022-21149

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-05-01T16:15:08.020

Modified: 2024-11-21T06:43:59.437

Link: CVE-2022-21149

cve-icon Redhat

No data.