Cs-cart Cs-cart Multivendor — known CVE vulnerabilities
Every CVE whose affected-product data names Cs-cart Cs-cart Multivendor, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2023-26686 — CVSS 9.8 (critical): File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when…
CVE-2023-26689 — CVSS 9.8 (critical): An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request.
CVE-2023-26690 — CVSS 8.8 (high): File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in…
CVE-2023-26687 — CVSS 8.8 (high): Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the…
CVE-2017-2138 — CVSS 8.8 (high): Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor…
CVE-2023-26691 — CVSS 7.2 (high): Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via crafted zip file when…
CVE-2023-26688 — CVSS 5.4 (medium): Cross Site Scripting (XSS) vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the product_data…
CVE-2017-10886 — CVSS 5.4 (medium): Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese…