Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03cGZjLWN4M20tdjIyeM3X5Q
SCart is vulnerable to cross-site scripting (XSS)
SCart e-commerce is a free open source for businesses, built on the Laravel framework. The package s-cart/s-cart before 6.9 and the package s-cart/core before 6.9 are vulnerable to cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL. An attacker can gain unauthorized access to that user's account through the stolen cookie.
Permalink: https://github.com/advisories/GHSA-7pfc-cx3m-v22xJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03cGZjLWN4M20tdjIyeM3X5Q
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: over 1 year ago
CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Identifiers: GHSA-7pfc-cx3m-v22x, CVE-2022-21149
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-21149
- https://snyk.io/vuln/SNYK-PHP-SCARTCORE-2389036
- https://snyk.io/vuln/SNYK-PHP-SCARTSCART-2389035
- https://github.com/advisories/GHSA-7pfc-cx3m-v22x
Affected Packages
packagist:s-cart/s-cart
Dependent packages: 0Dependent repositories: 0
Downloads: 4,891 total
Affected Version Ranges: < 6.9
Fixed in: 6.9
All affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.1.0, 1.1.1, 1.1.2, 2.0.0, 2.0.1, 2.0.2, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.1.10, 2.1.11, 2.1.12, 2.1.13, 2.1.14, 2.1.15, 2.1.16, 2.1.18, 2.1.19, 2.1.20, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.10, 3.1.0, 3.1.1, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 4.0.0, 4.0.1, 4.1.0, 4.2.0, 4.3.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.1.0, 5.1.2, 6.0.1, 6.0.5, 6.0.6, 6.1.1, 6.2.1, 6.2.3, 6.3.1, 6.3.2, 6.4.1, 6.6.1, 6.6.2, 6.7.1, 6.7.2, 6.7.3, 6.7.4, 6.8.1, 6.8.2, 6.8.3, 6.8.4, 6.8.5, 6.8.6, 6.8.7, 6.8.8
All unaffected versions: 6.9.1, 6.9.2, 6.9.3, 6.9.4, 6.9.5, 6.9.6, 6.9.7, 6.9.8, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.1.1, 7.1.2, 7.1.3, 7.2.1, 7.2.3, 7.2.4, 7.2.5, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 9.0.1
packagist:s-cart/core
Dependent packages: 1Dependent repositories: 7
Downloads: 9,120 total
Affected Version Ranges: < 6.9
Fixed in: 6.9
All affected versions: 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.3.0, 4.3.1, 4.5.0, 4.5.1, 4.5.2, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.1.0, 5.1.1, 5.1.2, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.6, 6.1.2, 6.1.3, 6.2.0, 6.2.1, 6.3.0, 6.3.1, 6.5.0, 6.7.0, 6.7.1, 6.7.2, 6.7.3, 6.7.4, 6.7.5, 6.7.6, 6.7.7, 6.7.8, 6.7.9, 6.7.10, 6.7.11, 6.7.12, 6.7.13, 6.7.14, 6.7.15, 6.7.16, 6.7.17, 6.8.0, 6.8.1, 6.8.2, 6.8.3, 6.8.4, 6.8.5, 6.8.6, 6.8.7, 6.8.8, 6.8.9, 6.8.10, 6.8.11, 6.8.12, 6.8.13, 6.8.14, 6.8.15, 6.8.16, 6.8.17
All unaffected versions: 6.9.0, 6.9.2, 6.9.3, 6.9.4, 6.9.5, 6.9.6, 6.9.7, 6.9.8, 6.9.9, 6.9.10, 6.9.11, 6.9.12, 6.9.13, 6.9.14, 6.9.15, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.1.11, 7.1.12, 7.1.13, 7.1.14, 7.1.15, 7.1.16, 7.1.17, 7.1.18, 7.1.19, 7.1.20, 7.1.21, 7.1.22, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.1.15, 8.1.16, 8.1.17, 8.1.18, 8.1.19, 8.1.20, 8.2.0, 8.2.1, 8.2.2, 9.0.0, 9.0.1, 9.0.2, 9.0.3