Opensolution Quick.cart — known CVE vulnerabilities
Every CVE whose affected-product data names Opensolution Quick.cart, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2026-23796 — CVSS 9.8 (critical): Quick.Cart allows a user's session identifier to be set before authentication. The value of this session ID stays the same after…
CVE-2025-67684 — CVSS 7.2 (high): Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart allows a privileged…
CVE-2020-35754 — CVSS 7.2 (high): OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authenticated user to perform code injection (and consequently Remote Code…
CVE-2009-4120 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.Cart 3.4 allow remote attackers to hijack the authentication of the…
CVE-2025-67683 — CVSS 6.1 (medium): Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An attacker can craft a malicious URL which, when opened, results in…
CVE-2012-6049 — CVSS 5.0 (medium): Open Solution Quick.Cart 5.0 allows remote attackers to obtain sensitive information via (1) a long string or (2) invalid characters in a…
CVE-2026-23797 — CVSS 4.9 (medium): In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing…
CVE-2012-6430 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19…
CVE-2008-4140 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart 3.1 allows remote attackers to inject arbitrary web script or HTML via…