GHSA-7pfc-cx3m-v22x

Source
https://github.com/advisories/GHSA-7pfc-cx3m-v22x
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7pfc-cx3m-v22x/GHSA-7pfc-cx3m-v22x.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-7pfc-cx3m-v22x
Aliases
  • CVE-2022-21149
  • SNYK-PHP-SCARTCORE-2389036
  • SNYK-PHP-SCARTSCART-2389035
Published
2022-05-03T00:00:46Z
Modified
2024-09-03T04:12:12.946135Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Summary
SCart is vulnerable to cross-site scripting (XSS)
Details

SCart is a free, open-source e-commerce platform for businesses, built on the Laravel framework. The packages s-cart/s-cart before 6.9 and s-cart/core before 6.9 are vulnerable to cross-site scripting (XSS), which can lead to cookie theft from any victim who visits the affected URL. An attacker can then use the stolen cookie to gain unauthorized access to that user's account.

Database specific
{
    "nvd_published_at": "2022-05-01T16:15:00Z",
    "github_reviewed_at": "2022-05-23T19:37:17Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Packagist / s-cart/core

Package

Name
s-cart/core
Purl
pkg:composer/s-cart/core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
6.9

Affected versions

4.*

4.0.0-beta
4.0.0
4.0.1
4.0.1.1
4.0.1.2
4.0.1.3
4.0.1.4
4.0.1.5
4.1.0
4.1.0.1
4.1.0.2
4.1.0.3
4.1.0.4
4.1.0.5
4.1.1
4.2.0
4.2.1
4.2.1.1
4.2.1.2
4.2.1.3
4.2.1.4
4.2.1.5
4.2.2.0
4.2.2.1
4.2.2.2
4.2.3.0
4.3.0
4.3.0.1
4.3.1
4.3.1.1
4.3.1.2
4.3.2.0
4.4.0-beta
4.4.0.0
4.4.0.1
4.4.0.2
4.4.0.3
4.4.0.4
4.4.0.5
4.4.1.0
4.4.1.1
4.4.2.0
4.5.0
4.5.1
4.5.2

5.*

5.0.0-beta
5.0.0
5.0.1
5.0.2
5.0.2.1
5.0.3
5.0.4
5.0.5
5.0.6
5.0.6.1
5.0.6.2
5.1.0
5.1.1
5.1.2
5.1.2.1

6.*

6.0-beta
6.0.1
6.0.2
6.0.2.1
6.0.2.2
6.0.2.3
6.0.3
6.0.3.1
6.0.3.2
6.0.3.3
6.0.3.4
6.0.4
6.0.4.1
6.0.4.2
6.0.4.3
6.0.4.4
6.0.4.5
6.0.4.6
6.0.5.0
6.0.5.1
6.0.5.2
6.0.5.3
6.0.5.4
6.0.6
6.0.6.1
6.0.6.2
6.0.6.3
6.0.6.4
6.1.0.0
6.1.0.1
6.1.0.2
6.1.0.3
6.1.1.0
6.1.1.1
6.1.2
6.1.2.3
6.1.3
6.2.0
6.2.1
6.2.1.1
6.2.1.2
6.2.1.3
6.2.1.4
6.2.1.5
6.2.1.6
6.2.1.7
6.2.1.8
6.2.2.0
6.2.2.1
6.2.2.2
6.2.2.3
6.2.3.0
6.2.3.1
6.2.3.2
6.2.3.3
6.2.3.4
6.2.3.5
6.2.3.6
6.2.3.7
6.2.3.8
6.3.0-beta
6.3.0
6.3.0.1
6.3.0.2
6.3.0.3
6.3.0.4
6.3.1
6.3.1.1
6.3.1.2
6.3.1.3
6.3.3.0
6.3.3.1
6.3.3.2
6.3.3.3
6.3.3.4
6.3.3.5
6.3.3.6
6.4.0.0
6.4.0.1
6.4.0.2
6.4.0.3
6.4.0.4
6.4.0.5
6.4.0.6
6.4.1.0
6.4.1.1
6.4.1.2
6.4.1.3
6.4.1.4
6.4.1.5
6.4.1.6
6.4.1.7
6.4.1.8
6.4.1.9
6.4.2.0
6.4.2.1
6.4.2.2
6.4.2.3
6.4.2.4
6.4.2.5
6.5.0-beta
6.5.0
6.5.0.1
6.5.0.2
6.5.0.3
6.5.0.4
6.5.0.5
6.5.0.6
6.5.0.7
6.5.1.0
6.5.1.1
6.5.1.2
6.5.1.3
6.5.1.4
6.5.1.5
6.5.1.6
6.5.1.7
6.5.1.8
6.5.1.9
6.5.2.0
6.5.2.1
6.5.2.2
6.5.2.3
6.5.2.4
6.5.2.5
6.5.2.6
6.5.2.7
6.5.2.8
6.5.2.9
6.5.2.10
6.6.0.0-beta
6.6.0.0
6.6.0.1
6.6.0.2
6.6.0.3
6.6.0.4
6.6.0.5
6.6.0.6
6.6.1.0
6.6.1.1
6.6.1.2
6.6.2.0
6.6.2.1
6.6.2.2
6.6.2.3
6.6.2.4
6.6.2.5
6.6.2.6
6.6.2.7
6.6.2.8
6.7.0
6.7.1
6.7.2
6.7.3
6.7.3.1
6.7.3.2
6.7.3.3
6.7.4
6.7.5
6.7.6
6.7.7
6.7.8
6.7.9
6.7.10
6.7.11
6.7.12
6.7.13
6.7.14
6.7.15
6.7.16
6.7.17
6.8.0
6.8.1
6.8.2
6.8.3
6.8.4
6.8.5
6.8.6
6.8.7
6.8.8
6.8.9
6.8.10
6.8.11
6.8.12
6.8.13
6.8.14
6.8.15
6.8.16
6.8.17

Packagist / s-cart/s-cart

Package

Name
s-cart/s-cart
Purl
pkg:composer/s-cart/s-cart

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
6.9

Affected versions

v1.*

v1.0-beta
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.1.0
v1.1.1
v1.1.2

v2.*

v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.1.7
v2.1.8
v2.1.9
v2.1.10
v2.1.11
v2.1.12
v2.1.13
v2.1.14
v2.1.15
v2.1.16
v2.1.18
v2.1.19
v2.1.20

v3.*

v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.10
v3.1-beta
v3.1-beta2
v3.1.0
v3.1.1
v3.1.3
v3.1.4
v3.1.5
v3.1.6

v4.*

v4.0.0-beta
v4.0.0
v4.0.1
v4.1.0
v4.2.0
v4.3
v4.3.2
v4.4
v4.4.0-beta
v4.5

v5.*

v5.0-beta
v5.0
v5.0.3
v5.0.4
v5.0.5
v5.0.6
v5.1-beta
v5.1.0
v5.1.2

v6.*

v6.0-beta
v6.0-beta2
v6.0-beta3
v6.0
v6.0.1
v6.0.5
v6.0.6
v6.1
v6.1.1
v6.2
v6.2.1
v6.2.3
v6.2.3.1
v6.2.3.2
v6.3
v6.3.1
v6.3.2
v6.3.2.1
v6.3.2.2
v6.3.2.3
v6.3.3.0
v6.3.3.1
v6.3.3.3
v6.3.3.4
v6.3.4.0
v6.4
v6.4.0.1
v6.4.1
v6.4.1.1
v6.4.1.2
v6.5
v6.5.0-beta-0
v6.5.0-beta-1
v6.5.1.1
v6.5.2.0
v6.5.2.1
v6.6
v6.6.0-beta
v6.6.1
v6.6.2
v6.7
v6.7.1
v6.7.2
v6.7.3
v6.7.4
v6.8
v6.8.1
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.8.6
v6.8.7
v6.8.8