CVE-2025-57407

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-57407

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-57407.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-57407

Aliases

GHSA-46v4-5mc8-q2cf

Published

2025-09-23T16:15:32Z

Modified

2025-09-25T05:05:55.211218Z

Summary

[none]

Details

A stored cross-site scripting (XSS) vulnerability in the Admin Log Viewer of S-Cart <=10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which could lead to session hijacking or other malicious actions.

References

Affected packages

Git / github.com/gp247net/core

Affected ranges

Type: GIT
Repo: https://github.com/gp247net/core
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

04991fc1917f0cd72411052d9c276e375b23ec31

Affected versions

1.*

1.0

1.0-beta

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.1

1.1.1

1.1.10

1.1.11

1.1.12

1.1.13

1.1.14

1.1.15

1.1.16

1.1.17

1.1.18

1.1.19

1.1.2

1.1.20

1.1.21

1.1.22

1.1.23

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.1.9