Every CVE whose affected-product data names Qualiteam X-cart, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2004-0241 — CVSS 10.0 (critical): X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via the perl_binary argument in (1) upgrade.php or (2) general.php.
CVE-2006-2827 — CVSS 9.8 (critical): SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute…
CVE-2017-15285 — CVSS 8.8 (high): X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails…
CVE-2005-1822 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to execute arbitrary SQL commands via the (1) cat…
CVE-2007-4907 — CVSS 7.5 (high): Multiple PHP remote file inclusion vulnerabilities in X-Cart allow remote attackers to execute arbitrary PHP code via a URL in the…
CVE-2006-4904 — CVSS 7.5 (high): Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary…
CVE-2015-0951 — CVSS 6.5 (medium): X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or…
CVE-2004-0242 — CVSS 5.0 (medium): X-Cart 3.4.3 allows remote attackers to gain sensitive information via a mode parameter with (1) phpinfo command or (2) perlinfo command.
CVE-2004-0240 — CVSS 5.0 (medium): Directory traversal vulnerability in X-Cart 3.4.3 allows remote attackers to view arbitrary files via a .. (dot dot) in the…
CVE-2005-1823 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to inject arbitrary web script or HTML…
CVE-2012-2570 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart Gold 4.5 allows remote attackers to inject arbitrary web script or…
CVE-2015-5455 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in X-Cart 4.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via…
CVE-2015-1178 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in cart.php in X-Cart 5.1.8 and earlier allow remote attackers to inject arbitrary web…
CVE-2015-0950 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script…