GHSA-46v4-5mc8-q2cf

Source
https://github.com/advisories/GHSA-46v4-5mc8-q2cf
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-46v4-5mc8-q2cf/GHSA-46v4-5mc8-q2cf.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-46v4-5mc8-q2cf
Aliases
Published
2025-09-23T18:30:22Z
Modified
2025-09-23T20:12:20.321803Z
Severity
  • 1.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
Summary
GP247 and S-Cart have a stored cross-site scripting (XSS) vulnerability
Details

A stored cross-site scripting (XSS) vulnerability in the Admin Log Viewer of S-Cart <=10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which could lead to session hijacking or other malicious actions.

Database specific
{
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "LOW",
    "github_reviewed_at": "2025-09-23T19:02:43Z",
    "nvd_published_at": "2025-09-23T16:15:32Z"
}
References

Affected packages

Packagist / s-cart/core

Package

Name
s-cart/core
Purl
pkg:composer/s-cart/core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
9.0.5

Affected versions

4.*

4.0.0-beta
4.0.0
4.0.1
4.0.1.1
4.0.1.2
4.0.1.3
4.0.1.4
4.0.1.5
4.1.0
4.1.0.1
4.1.0.2
4.1.0.3
4.1.0.4
4.1.0.5
4.1.1
4.2.0
4.2.1
4.2.1.1
4.2.1.2
4.2.1.3
4.2.1.4
4.2.1.5
4.2.2.0
4.2.2.1
4.2.2.2
4.2.3.0
4.3.0
4.3.0.1
4.3.1
4.3.1.1
4.3.1.2
4.3.2.0
4.4.0-beta
4.4.0.0
4.4.0.1
4.4.0.2
4.4.0.3
4.4.0.4
4.4.0.5
4.4.1.0
4.4.1.1
4.4.2.0
4.5.0
4.5.1
4.5.2

5.*

5.0.0-beta
5.0.0
5.0.1
5.0.2
5.0.2.1
5.0.3
5.0.4
5.0.5
5.0.6
5.0.6.1
5.0.6.2
5.1.0
5.1.1
5.1.2
5.1.2.1

6.*

6.0-beta
6.0.1
6.0.2
6.0.2.1
6.0.2.2
6.0.2.3
6.0.3
6.0.3.1
6.0.3.2
6.0.3.3
6.0.3.4
6.0.4
6.0.4.1
6.0.4.2
6.0.4.3
6.0.4.4
6.0.4.5
6.0.4.6
6.0.5.0
6.0.5.1
6.0.5.2
6.0.5.3
6.0.5.4
6.0.6
6.0.6.1
6.0.6.2
6.0.6.3
6.0.6.4
6.1.0.0
6.1.0.1
6.1.0.2
6.1.0.3
6.1.1.0
6.1.1.1
6.1.2
6.1.2.3
6.1.3
6.2.0
6.2.1
6.2.1.1
6.2.1.2
6.2.1.3
6.2.1.4
6.2.1.5
6.2.1.6
6.2.1.7
6.2.1.8
6.2.2.0
6.2.2.1
6.2.2.2
6.2.2.3
6.2.3.0
6.2.3.1
6.2.3.2
6.2.3.3
6.2.3.4
6.2.3.5
6.2.3.6
6.2.3.7
6.2.3.8
6.3.0-beta
6.3.0
6.3.0.1
6.3.0.2
6.3.0.3
6.3.0.4
6.3.1
6.3.1.1
6.3.1.2
6.3.1.3
6.3.3.0
6.3.3.1
6.3.3.2
6.3.3.3
6.3.3.4
6.3.3.5
6.3.3.6
6.4.0.0
6.4.0.1
6.4.0.2
6.4.0.3
6.4.0.4
6.4.0.5
6.4.0.6
6.4.1.0
6.4.1.1
6.4.1.2
6.4.1.3
6.4.1.4
6.4.1.5
6.4.1.6
6.4.1.7
6.4.1.8
6.4.1.9
6.4.2.0
6.4.2.1
6.4.2.2
6.4.2.3
6.4.2.4
6.4.2.5
6.5.0-beta
6.5.0
6.5.0.1
6.5.0.2
6.5.0.3
6.5.0.4
6.5.0.5
6.5.0.6
6.5.0.7
6.5.1.0
6.5.1.1
6.5.1.2
6.5.1.3
6.5.1.4
6.5.1.5
6.5.1.6
6.5.1.7
6.5.1.8
6.5.1.9
6.5.2.0
6.5.2.1
6.5.2.2
6.5.2.3
6.5.2.4
6.5.2.5
6.5.2.6
6.5.2.7
6.5.2.8
6.5.2.9
6.5.2.10
6.6.0.0-beta
6.6.0.0
6.6.0.1
6.6.0.2
6.6.0.3
6.6.0.4
6.6.0.5
6.6.0.6
6.6.1.0
6.6.1.1
6.6.1.2
6.6.2.0
6.6.2.1
6.6.2.2
6.6.2.3
6.6.2.4
6.6.2.5
6.6.2.6
6.6.2.7
6.6.2.8
6.7.0
6.7.1
6.7.2
6.7.3
6.7.3.1
6.7.3.2
6.7.3.3
6.7.4
6.7.5
6.7.6
6.7.7
6.7.8
6.7.9
6.7.10
6.7.11
6.7.12
6.7.13
6.7.14
6.7.15
6.7.16
6.7.17
6.8.0
6.8.1
6.8.2
6.8.3
6.8.4
6.8.5
6.8.6
6.8.7
6.8.8
6.8.9
6.8.10
6.8.11
6.8.12
6.8.13
6.8.14
6.8.15
6.8.16
6.8.17
6.9.0-beta
6.9.0-beta2
6.9.0
6.9.0.1
6.9.0.2
6.9.0.3
6.9.0.4
6.9.0.5
6.9.0.6
6.9.0.7
6.9.0.8
6.9.1.0
6.9.1.1
6.9.1.2
6.9.2
6.9.2.1
6.9.2.2
6.9.2.3
6.9.3
6.9.3.1
6.9.3.2
6.9.4
6.9.5
6.9.6
6.9.7
6.9.8
6.9.9
6.9.10
6.9.11
6.9.12
6.9.13
6.9.14
6.9.15

7.*

7.0.0
7.0.1
7.0.2
7.0.3
7.0.4
7.0.5
7.0.6
7.0.7
7.0.8
7.0.9
7.1.0
7.1.1
7.1.2
7.1.3
7.1.4
7.1.5
7.1.6
7.1.7
7.1.8
7.1.9
7.1.10
7.1.11
7.1.12
7.1.13
7.1.14
7.1.15
7.1.16
7.1.17
7.1.18
7.1.19
7.1.20
7.1.21
7.1.22
7.2-beta
7.2.0.1
7.2.0.2
7.2.0.3
7.2.0.4
7.2.1.0
7.2.1.1
7.2.1.2
7.2.1.3
7.2.1.4
7.2.1.5
7.2.2.0
7.2.2.1
7.2.2.2
7.2.3.0
7.2.3.1
7.2.4.0
7.2.4.1
7.2.4.2
7.2.4.3
7.2.4.4
7.2.4.5
7.2.4.6
7.2.4.7
7.2.5.0
7.2.5.1
7.2.5.2
7.2.5.3
7.2.5.4
7.2.5.5
7.2.5.6
7.2.5.7

8.*

8.0
8.0.1
8.0.2
8.0.3
8.0.4
8.0.5
8.0.6
8.1.0
8.1.1
8.1.2
8.1.3
8.1.4
8.1.5
8.1.6
8.1.7
8.1.8
8.1.9
8.1.10
8.1.11
8.1.12
8.1.13
8.1.14
8.1.15
8.1.16
8.1.17
8.1.18
8.1.19
8.1.20

9.*

9.0.0
9.0.1
9.0.2
9.0.3
9.0.4
9.0.5

Packagist / gp247/core

Package

Name
gp247/core
Purl
pkg:composer/gp247/core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.1.24

Affected versions

1.*

1.0-beta
1.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.1
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.1.10
1.1.11
1.1.12
1.1.13
1.1.14
1.1.15
1.1.16
1.1.17
1.1.18
1.1.19
1.1.20
1.1.21
1.1.22
1.1.23