Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS03cGZjLWN4M20tdjIyeM3X5Q

SCart is vulnerable to cross-site scripting (XSS)

SCart e-commerce is a free open source for businesses, built on the Laravel framework. The package s-cart/s-cart before 6.9 and the package s-cart/core before 6.9 are vulnerable to cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL. An attacker can gain unauthorized access to that user's account through the stolen cookie.

Permalink: https://github.com/advisories/GHSA-7pfc-cx3m-v22x
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03cGZjLWN4M20tdjIyeM3X5Q
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: over 1 year ago


CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Identifiers: GHSA-7pfc-cx3m-v22x, CVE-2022-21149
References: Blast Radius: 4.6

Affected Packages

packagist:s-cart/s-cart
Dependent packages: 0
Dependent repositories: 0
Downloads: 4,658 total
Affected Version Ranges: < 6.9
Fixed in: 6.9
All affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.1.0, 1.1.1, 1.1.2, 2.0.0, 2.0.1, 2.0.2, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.1.10, 2.1.11, 2.1.12, 2.1.13, 2.1.14, 2.1.15, 2.1.16, 2.1.18, 2.1.19, 2.1.20, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.10, 3.1.0, 3.1.1, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 4.0.0, 4.0.1, 4.1.0, 4.2.0, 4.3.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.1.0, 5.1.2, 6.0.1, 6.0.5, 6.0.6, 6.1.1, 6.2.1, 6.2.3, 6.3.1, 6.3.2, 6.4.1, 6.6.1, 6.6.2, 6.7.1, 6.7.2, 6.7.3, 6.7.4, 6.8.1, 6.8.2, 6.8.3, 6.8.4, 6.8.5, 6.8.6, 6.8.7, 6.8.8
All unaffected versions: 6.9.1, 6.9.2, 6.9.3, 6.9.4, 6.9.5, 6.9.6, 6.9.7, 6.9.8, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.1.1, 7.1.2, 7.1.3, 7.2.1, 7.2.3, 7.2.4, 7.2.5, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.8, 8.1.9, 8.1.10
packagist:s-cart/core
Dependent packages: 1
Dependent repositories: 7
Downloads: 8,801 total
Affected Version Ranges: < 6.9
Fixed in: 6.9
All affected versions: 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.3.0, 4.3.1, 4.5.0, 4.5.1, 4.5.2, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.1.0, 5.1.1, 5.1.2, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.6, 6.1.2, 6.1.3, 6.2.0, 6.2.1, 6.3.0, 6.3.1, 6.5.0, 6.7.0, 6.7.1, 6.7.2, 6.7.3, 6.7.4, 6.7.5, 6.7.6, 6.7.7, 6.7.8, 6.7.9, 6.7.10, 6.7.11, 6.7.12, 6.7.13, 6.7.14, 6.7.15, 6.7.16, 6.7.17, 6.8.0, 6.8.1, 6.8.2, 6.8.3, 6.8.4, 6.8.5, 6.8.6, 6.8.7, 6.8.8, 6.8.9, 6.8.10, 6.8.11, 6.8.12, 6.8.13, 6.8.14, 6.8.15, 6.8.16, 6.8.17
All unaffected versions: 6.9.0, 6.9.2, 6.9.3, 6.9.4, 6.9.5, 6.9.6, 6.9.7, 6.9.8, 6.9.9, 6.9.10, 6.9.11, 6.9.12, 6.9.13, 6.9.14, 6.9.15, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.1.11, 7.1.12, 7.1.13, 7.1.14, 7.1.15, 7.1.16, 7.1.17, 7.1.18, 7.1.19, 7.1.20, 7.1.21, 7.1.22, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.1.15, 8.1.16, 8.1.17, 8.1.18, 8.1.19, 8.1.20, 8.2.0, 8.2.1, 8.2.2, 9.0.0, 9.0.1, 9.0.2, 9.0.3